chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove deprecated auth code see #2645

Browse Source
pull/2715/head
Julio 6 years ago
parent 6837b7221f
commit 758e98e81c
67 changed files with 0 additions and 11771 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 228
      main/auth/cas/authcas.php
  2. 31
      main/auth/cas/cas_var.inc.php
  3. 1687
      main/auth/cas/lib/CAS.php
  4. 219
      main/auth/cas/lib/CAS/PGTStorage/pgt-db.php
  5. 276
      main/auth/cas/lib/CAS/PGTStorage/pgt-file.php
  6. 215
      main/auth/cas/lib/CAS/PGTStorage/pgt-main.php
  7. 2774
      main/auth/cas/lib/CAS/client.php
  8. 881
      main/auth/cas/lib/CAS/domxml-php4-to-php5.php
  9. 27
      main/auth/cas/lib/CAS/languages/catalan.php
  10. 27
      main/auth/cas/lib/CAS/languages/english.php
  11. 28
      main/auth/cas/lib/CAS/languages/french.php
  12. 27
      main/auth/cas/lib/CAS/languages/german.php
  13. 27
      main/auth/cas/lib/CAS/languages/greek.php
  14. 27
      main/auth/cas/lib/CAS/languages/japanese.php
  15. 24
      main/auth/cas/lib/CAS/languages/languages.php
  16. 27
      main/auth/cas/lib/CAS/languages/spanish.php
  17. 56
      main/auth/cas/logincas.php
  18. 13
      main/auth/cas/logout.php
  19. 220
      main/auth/external_login/facebook.inc.php
  20. 24
      main/auth/external_login/facebook.init.php
  21. 231
      main/auth/external_login/functions.inc.php
  22. 407
      main/auth/external_login/ldap.inc.php
  23. 22
      main/auth/external_login/ldap_import_all_users.php
  24. 85
      main/auth/external_login/login.ldap.php
  25. 107
      main/auth/external_login/login.ws.php
  26. 71
      main/auth/external_login/newUser.ldap.php
  27. 54
      main/auth/external_login/newUser.php
  28. 41
      main/auth/external_login/updateUser.php
  29. 800
      main/auth/ldap/authldap.php
  30. 6
      main/auth/ldap/index.html
  31. 47
      main/auth/ldap/ldap_var.inc.php
  32. 44
      main/auth/ldap/login.php
  33. 36
      main/auth/ldap/newUser.php
  34. 6
      main/auth/ldap/syncro_users.php
  35. 10
      main/auth/shibboleth/_readme.txt
  36. 158
      main/auth/shibboleth/app/controller/shibboleth_controller.class.php
  37. 44
      main/auth/shibboleth/app/model/admin.class.php
  38. 134
      main/auth/shibboleth/app/model/scaffold/admin.class.php
  39. 185
      main/auth/shibboleth/app/model/scaffold/user.class.php
  40. 197
      main/auth/shibboleth/app/model/shibboleth_store.class.php
  41. 33
      main/auth/shibboleth/app/model/shibboleth_user.class.php
  42. 95
      main/auth/shibboleth/app/model/user.class.php
  43. 266
      main/auth/shibboleth/app/shibboleth.class.php
  44. 18
      main/auth/shibboleth/app/view/admin_login.php
  45. 20
      main/auth/shibboleth/app/view/request.php
  46. 66
      main/auth/shibboleth/app/view/shibboleth_display.class.php
  47. 51
      main/auth/shibboleth/app/view/shibboleth_email_form.class.php
  48. 97
      main/auth/shibboleth/app/view/shibboleth_status_request_form.class.php
  49. 16
      main/auth/shibboleth/config-dist.php
  50. 69
      main/auth/shibboleth/config/aai.class.php
  51. 85
      main/auth/shibboleth/db/shibboleth_upgrade.class.php
  52. 8
      main/auth/shibboleth/index.php
  53. 23
      main/auth/shibboleth/init.php
  54. 14
      main/auth/shibboleth/lib/model.class.php
  55. 64
      main/auth/shibboleth/lib/scaffolder/scaffolder.class.php
  56. 146
      main/auth/shibboleth/lib/scaffolder/template/default.php
  57. 146
      main/auth/shibboleth/lib/scaffolder/template/model.php
  58. 39
      main/auth/shibboleth/lib/scaffolder/template/public.php
  59. 61
      main/auth/shibboleth/lib/shibboleth_config.class.php
  60. 100
      main/auth/shibboleth/lib/shibboleth_session.class.php
  61. 357
      main/auth/shibboleth/lib/store.class.php
  62. 35
      main/auth/shibboleth/login.php
  63. 36
      main/auth/shibboleth/script/scaffold.php
  64. 218
      main/auth/shibboleth/test/shibboleth_test.class.php
  65. 133
      main/auth/shibboleth/test/shibboleth_test_helper.class.php
  66. 32
      main/auth/shibboleth/test/test.php
  67. 20
      main/auth/shibboleth/test/test_no_email.php

228
main/auth/cas/authcas.php
Unescape View File

@ -1,228 +0,0 @@
<?php
/* Written by Noel Dieschburg <noel@cblue.be> for the paris5 university
* Checks if the user is already logged in via the cas system
* Gets all the info via the ldap module (ldap has to work)
*/
require_once api_get_path(SYS_PATH).'main/auth/cas/cas_var.inc.php';
require_once api_get_path(SYS_PATH).'main/auth/external_login/ldap.inc.php';
require_once api_get_path(SYS_PATH).'main/auth/external_login/functions.inc.php';
/**
* @return true if cas is configured
*/
function cas_configured()
{
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
$res = false;
if (!empty($cas_auth_ver) && !empty($cas_auth_server) && !empty($cas_auth_port)) {
$res = true;
}
return $res;
}
/**
* checks if the user already get a session.
*
* @return the user login if the user already has a session ,false otherwise
*/
function cas_is_authenticated()
{
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
global $PHPCAS_CLIENT;
global $logout;
if (!cas_configured()) {
return;
}
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
phpCAS::setNoCasServerValidation();
}
$auth = phpCAS::checkAuthentication();
if ($auth) {
$login = trim(phpCAS::getUser());
/*
Get user attributes. Here are the attributes for crdp platform
sn => name
ENTPersonMailInterne => mail
ENTPersonAlias => login
ENTPersonProfils => profil
givenName => first name
*/
/*$user=phpCAS::getAttributes();
$firstName = trim($user['givenName']);
$lastName = trim($user['sn']);
$login = trim($user['ENTPersonAlias']);
$profil = trim($user['ENTPersonProfils']);
$email = trim($user['ENTPersonMailInterne']);
$satus=5;
switch ($profil){
case 'admin_etab':
$status=3; //Session admin
break;
case 'admin_sie':
$status=3; //Session admin
break;
case 'National_3':
$status=1; // Teacher
break;
case 'National_1':
$status=5; // Student
break;
default:
$status=5; // Student
}*/
if (!$logout) {
// get user info from username
$tab_user_info = api_get_user_info($login);
// user found in the chamilo database
if (is_array($tab_user_info)) {
// if option is on we update user automatically from ldap server
if (api_get_setting("update_user_info_cas_with_ldap") == "true") {
$ldapuser = extldap_authenticate($login, 'nopass', true);
if ($ldapuser !== false) {
$chamilo_user = extldap_get_chamilo_user($ldapuser);
$chamilo_user['user_id'] = $tab_user_info['user_id'];
$chamilo_user['status'] = $tab_user_info['status'];
UserManager::update_user(
$chamilo_user["user_id"],
$chamilo_user["firstname"],
$chamilo_user["lastname"],
$login,
null,
null,
$chamilo_user["email"],
$chamilo_user["status"],
'',
'',
'',
'',
1,
null,
0,
null,
''
);
}
}
return $login;
} // user not found
else {
// if option is on we can ADD user automatically from ldap server or by modify own profil
$user_added = false;
switch (api_get_setting("cas_add_user_activate")) {
case PLATFORM_AUTH_SOURCE:
// user will have to modify firstname, lastname, email in chamilo profil edit
$userdata = get_lang("EditInProfil");
UserManager::create_user(
$userdata,
$userdata,
'5',
$userdata,
$login,
'casplaceholder',
'',
'',
'',
'',
CAS_AUTH_SOURCE
);
$user_added = $login;
break;
case LDAP_AUTH_SOURCE:
// user info are read from ldap connexion
// get user info from ldap server
// user has already been authenticated by CAS
// If user not found in LDAP, user not created
$ldapuser = extldap_authenticate($login, 'nopass', true);
if ($ldapuser !== false) {
$chamilo_user = extldap_get_chamilo_user($ldapuser);
$chamilo_user['username'] = $login;
$chamilo_user['auth_source'] = CAS_AUTH_SOURCE;
$chamilo_uid = external_add_user($chamilo_user);
$user_added = $login;
}
break;
default:
break;
}
return $user_added;
}
}
// //If the user is in the dokeos database and we are ,not in a logout request, we upgrade his infomration by ldap
// if (! $logout){
// $user_table = Database::get_main_table(TABLE_MAIN_USER);
// $sql = "SELECT user_id, username, password, auth_source, active, expiration_date ".
// "FROM $user_table ".
// "WHERE username = '$login' ";
//
// $result = Database::query($sql,__FILE__,__LINE__);
// if(mysql_num_rows($result) == 0) {
// require_once(api_get_path(SYS_PATH).'main/inc/lib/usermanager.lib.php');
// $rnumber=rand(0,256000);
// UserManager::create_user($firstName, $lastName, $status, $email, $login, md5('casplaceholder'.$rnumber), $official_code='',$language='',$phone='',$picture_uri='',$auth_source = PLATFORM_AUTH_SOURCE);
// }
// else {
// $user = mysql_fetch_assoc($result);
// $user_id = intval($user['user_id']);
// //echo "deb : $status";
// UserManager::update_user ($user_id, $firstname, $lastname, $login, null, null, $email, $status, '', '', '', '', 1, null, 0, null,'') ;
//
// }
// }
return $login;
} else {
return false;
}
}
/**
* Logs out the user of the cas
* The user MUST be logged in with cas to use this function.
*
* @param $uinfo array user info (not needed)
* @param $location string redirect url
*
* @see online_logout()
*/
function cas_logout($uinfo = null, $location = null)
{
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
global $PHPCAS_CLIENT;
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
phpCAS::setNoCasServerValidation();
}
if (!isset($location)) {
$location = api_get_path(WEB_PATH);
}
phpCAS::logoutWithRedirectService($location);
}
/*
* Return the direct URL to a course code with CAS login
*/
function get_cas_direct_URL($in_course_code)
{
return api_get_path(WEB_PATH).'main/auth/cas/logincas.php?firstpage='.$in_course_code;
}
function getCASLogoHTML()
{
$out_res = "";
if (api_get_setting("casLogoURL") != "") {
$out_res = "<img src='".api_get_setting("casLogoURL")."' alt='CAS Logo' />";
}
return $out_res;
}

31
main/auth/cas/cas_var.inc.php
Unescape View File

@ -1,31 +0,0 @@
<?php
/* This file contains all the configuration variable for the cas module
* In the future, these will be in the database
*/
require_once 'lib/CAS.php';
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
$cas_auth_server = api_get_setting('cas_server');
$cas_auth_uri = api_get_setting('cas_server_uri');
$cas_auth_port = intval(api_get_setting('cas_port'));
switch (api_get_setting('cas_protocol')) {
case 'CAS1':
$cas_auth_ver = CAS_VERSION_1_0;
break;
case 'CAS2':
$cas_auth_ver = CAS_VERSION_2_0;
break;
case 'SAML':
$cas_auth_ver = SAML_VERSION_1_1;
break;
default:
$cas_auth_ver = CAS_VERSION_2_0;
break;
}
$cas_auth_uri = api_get_setting('cas_server_uri');
if (!is_string($cas_auth_uri)) {
$cas_auth_uri = '';
}

1687
main/auth/cas/lib/CAS.php
View File

File diff suppressed because it is too large Load Diff

219
main/auth/cas/lib/CAS/PGTStorage/pgt-db.php
Unescape View File

@ -1,219 +0,0 @@
<?php
/*
* Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the ESUP-Portail consortium & the JA-SIG
* Collaborative nor the names of its contributors may be used to endorse or
* promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file CAS/PGTStorage/pgt-db.php
* Basic class for PGT database storage
*/
/**
* @class PGTStorageDB
* The PGTStorageDB class is a class for PGT database storage. An instance of
* this class is returned by CASClient::SetPGTStorageDB().
*
* @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
*
* @ingroup internalPGTStorageDB
*/
class PGTStorageDB extends PGTStorage
{
/**
* @addtogroup internalPGTStorageDB
* @{
*/
/**
* a string representing a PEAR DB URL to connect to the database. Written by
* PGTStorageDB::PGTStorageDB(), read by getURL().
*
* @hideinitializer
* @private
*/
var $_url='';
/**
* This method returns the PEAR DB URL to use to connect to the database.
*
* @return string PEAR DB URL
*
* @private
*/
function getURL()
{
return $this->_url;
}
/**
* The handle of the connection to the database where PGT's are stored. Written by
* PGTStorageDB::init(), read by getLink().
*
* @hideinitializer
* @private
*/
var $_link = null;
/**
* This method returns the handle of the connection to the database where PGT's are
* stored.
*
* @return a handle of connection.
*
* @private
*/
function getLink()
{
return $this->_link;
}
/**
* The name of the table where PGT's are stored. Written by
* PGTStorageDB::PGTStorageDB(), read by getTable().
*
* @hideinitializer
* @private
*/
var $_table = '';
/**
* This method returns the name of the table where PGT's are stored.
*
* @return string name of a table.
*
* @private
*/
function getTable()
{
return $this->_table;
}
// ########################################################################
// DEBUGGING
// ########################################################################
/**
* This method returns an informational string giving the type of storage
* used by the object (used for debugging purposes).
*
* @return string informational string.
* @public
*/
function getStorageType()
{
return "database";
}
/**
* This method returns an informational string giving informations on the
* parameters of the storage.(used for debugging purposes).
*
* @public
*/
function getStorageInfo()
{
return 'url=`'.$this->getURL().'\', table=`'.$this->getTable().'\'';
}
// ########################################################################
// CONSTRUCTOR
// ########################################################################
/**
* The class constructor, called by CASClient::SetPGTStorageDB().
*
* @param CASClient $cas_parent the CASClient instance that creates the object.
* @param $user the user to access the data with
* @param $password the user's password
* @param $database_type the type of the database hosting the data
* @param $hostname the server hosting the database
* @param $port the port the server is listening on
* @param $database the name of the database
* @param $table the name of the table storing the data
*
* @public
*/
function PGTStorageDB($cas_parent,$user,$password,$database_type,$hostname,$port,$database,$table)
{
phpCAS::traceBegin();
// call the ancestor's constructor
$this->PGTStorage($cas_parent);
if ( empty($database_type) ) $database_type = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE_TYPE;
if ( empty($hostname) ) $hostname = CAS_PGT_STORAGE_DB_DEFAULT_HOSTNAME;
if ( $port==0 ) $port = CAS_PGT_STORAGE_DB_DEFAULT_PORT;
if ( empty($database) ) $database = CAS_PGT_STORAGE_DB_DEFAULT_DATABASE;
if ( empty($table) ) $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
// build and store the PEAR DB URL
$this->_url = $database_type.':'.'//'.$user.':'.$password.'@'.$hostname.':'.$port.'/'.$database;
// XXX should use setURL and setTable
phpCAS::traceEnd();
}
// ########################################################################
// INITIALIZATION
// ########################################################################
/**
* This method is used to initialize the storage. Halts on error.
*
* @public
*/
function init()
{
phpCAS::traceBegin();
// if the storage has already been initialized, return immediatly
if ( $this->isInitialized() )
return;
// call the ancestor's method (mark as initialized)
parent::init();
//include phpDB library (the test was introduced in release 0.4.8 for
//the integration into Tikiwiki).
if (!class_exists('DB')) {
include_once('DB.php');
}
// try to connect to the database
$this->_link = DB::connect($this->getURL());
if ( DB::isError($this->_link) ) {
phpCAS::error('could not connect to database ('.DB::errorMessage($this->_link).')');
}
// Dump into trace
var_dump($this->_link);
phpCAS::traceBEnd();
}
/** @} */
}
?>

276
main/auth/cas/lib/CAS/PGTStorage/pgt-file.php
Unescape View File

@ -1,276 +0,0 @@
<?php
/*
* Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the ESUP-Portail consortium & the JA-SIG
* Collaborative nor the names of its contributors may be used to endorse or
* promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file CAS/PGTStorage/pgt-file.php
* Basic class for PGT file storage
*/
/**
* @class PGTStorageFile
* The PGTStorageFile class is a class for PGT file storage. An instance of
* this class is returned by CASClient::SetPGTStorageFile().
*
* @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
*
* @ingroup internalPGTStorageFile
*/
class PGTStorageFile extends PGTStorage
{
/**
* @addtogroup internalPGTStorageFile
* @{
*/
/**
* a string telling where PGT's should be stored on the filesystem. Written by
* PGTStorageFile::PGTStorageFile(), read by getPath().
*
* @private
*/
var $_path;
/**
* This method returns the name of the directory where PGT's should be stored
* on the filesystem.
*
* @return the name of a directory (with leading and trailing '/')
*
* @private
*/
function getPath()
{
return $this->_path;
}
/**
* a string telling the format to use to store PGT's (plain or xml). Written by
* PGTStorageFile::PGTStorageFile(), read by getFormat().
*
* @private
*/
var $_format;
/**
* This method returns the format to use when storing PGT's on the filesystem.
*
* @return a string corresponding to the format used (plain or xml).
*
* @private
*/
function getFormat()
{
return $this->_format;
}
// ########################################################################
// DEBUGGING
// ########################################################################
/**
* This method returns an informational string giving the type of storage
* used by the object (used for debugging purposes).
*
* @return string informational string.
* @public
*/
function getStorageType()
{
return "file";
}
/**
* This method returns an informational string giving informations on the
* parameters of the storage.(used for debugging purposes).
*
* @return string informational string.
* @public
*/
function getStorageInfo()
{
return 'path=`'.$this->getPath().'\', format=`'.$this->getFormat().'\'';
}
// ########################################################################
// CONSTRUCTOR
// ########################################################################
/**
* The class constructor, called by CASClient::SetPGTStorageFile().
*
* @param CASClient $cas_parent the CASClient instance that creates the object.
* @param string $format the format used to store the PGT's (`plain' and `xml' allowed).
* @param string $path the path where the PGT's should be stored
*
* @public
*/
function PGTStorageFile($cas_parent,$format,$path)
{
phpCAS::traceBegin();
// call the ancestor's constructor
$this->PGTStorage($cas_parent);
if (empty($format) ) $format = CAS_PGT_STORAGE_FILE_DEFAULT_FORMAT;
if (empty($path) ) $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH;
// check that the path is an absolute path
if (getenv("OS")=="Windows_NT"){
if (!preg_match('`^[a-zA-Z]:`', $path)) {
phpCAS::error('an absolute path is needed for PGT storage to file');
}
}
else
{
if ( $path[0] != '/' ) {
phpCAS::error('an absolute path is needed for PGT storage to file');
}
// store the path (with a leading and trailing '/')
$path = preg_replace('|[/]*$|','/',$path);
$path = preg_replace('|^[/]*|','/',$path);
}
$this->_path = $path;
// check the format and store it
switch ($format) {
case CAS_PGT_STORAGE_FILE_FORMAT_PLAIN:
case CAS_PGT_STORAGE_FILE_FORMAT_XML:
$this->_format = $format;
break;
default:
phpCAS::error('unknown PGT file storage format (`'.CAS_PGT_STORAGE_FILE_FORMAT_PLAIN.'\' and `'.CAS_PGT_STORAGE_FILE_FORMAT_XML.'\' allowed)');
}
phpCAS::traceEnd();
}
// ########################################################################
// INITIALIZATION
// ########################################################################
/**
* This method is used to initialize the storage. Halts on error.
*
* @public
*/
function init()
{
phpCAS::traceBegin();
// if the storage has already been initialized, return immediatly
if ( $this->isInitialized() )
return;
// call the ancestor's method (mark as initialized)
parent::init();
phpCAS::traceEnd();
}
// ########################################################################
// PGT I/O
// ########################################################################
/**
* This method returns the filename corresponding to a PGT Iou.
*
* @param $pgt_iou the PGT iou.
*
* @return string filename
* @private
*/
function getPGTIouFilename($pgt_iou)
{
phpCAS::traceBegin();
$filename = $this->getPath().$pgt_iou.'.'.$this->getFormat();
phpCAS::traceEnd($filename);
return $filename;
}
/**
* This method stores a PGT and its corresponding PGT Iou into a file. Echoes a
* warning on error.
*
* @param $pgt the PGT
* @param $pgt_iou the PGT iou
*
* @public
*/
function write($pgt,$pgt_iou)
{
phpCAS::traceBegin();
$fname = $this->getPGTIouFilename($pgt_iou);
if ( $f=fopen($fname,"w") ) {
if ( fputs($f,$pgt) === FALSE ) {
phpCAS::error('could not write PGT to `'.$fname.'\'');
}
fclose($f);
} else {
phpCAS::error('could not open `'.$fname.'\'');
}
phpCAS::traceEnd();
}
/**
* This method reads a PGT corresponding to a PGT Iou and deletes the
* corresponding file.
*
* @param $pgt_iou the PGT iou
*
* @return false|string corresponding PGT, or FALSE on error
*
* @public
*/
function read($pgt_iou)
{
phpCAS::traceBegin();
$pgt = FALSE;
$fname = $this->getPGTIouFilename($pgt_iou);
if ( !($f=fopen($fname,"r")) ) {
phpCAS::trace('could not open `'.$fname.'\'');
} else {
if ( ($pgt=fgets($f)) === FALSE ) {
phpCAS::trace('could not read PGT from `'.$fname.'\'');
}
fclose($f);
}
// delete the PGT file
@unlink($fname);
phpCAS::traceEnd($pgt);
return $pgt;
}
/** @} */
}
?>

215
main/auth/cas/lib/CAS/PGTStorage/pgt-main.php
Unescape View File

@ -1,215 +0,0 @@
<?php
/*
* Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the ESUP-Portail consortium & the JA-SIG
* Collaborative nor the names of its contributors may be used to endorse or
* promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file CAS/PGTStorage/pgt-main.php
* Basic class for PGT storage
*/
/**
* @class PGTStorage
* The PGTStorage class is a generic class for PGT storage. This class should
* not be instanciated itself but inherited by specific PGT storage classes.
*
* @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
*
* @ingroup internalPGTStorage
*/
class PGTStorage
{
/**
* @addtogroup internalPGTStorage
* @{
*/
// ########################################################################
// CONSTRUCTOR
// ########################################################################
/**
* The constructor of the class, should be called only by inherited classes.
*
* @param $cas_parent the CASclient instance that creates the current object.
*
* @protected
*/
function PGTStorage($cas_parent)
{
phpCAS::traceBegin();
if ( !$cas_parent->isProxy() ) {
phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
}
phpCAS::traceEnd();
}
// ########################################################################
// DEBUGGING
// ########################################################################
/**
* This virtual method returns an informational string giving the type of storage
* used by the object (used for debugging purposes).
*
* @public
*/
function getStorageType()
{
phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
/**
* This virtual method returns an informational string giving informations on the
* parameters of the storage.(used for debugging purposes).
*
* @public
*/
function getStorageInfo()
{
phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
// ########################################################################
// ERROR HANDLING
// ########################################################################
/**
* string used to store an error message. Written by PGTStorage::setErrorMessage(),
* read by PGTStorage::getErrorMessage().
*
* @hideinitializer
* @private
* @deprecated not used.
*/
var $_error_message=FALSE;
/**
* This method sets en error message, which can be read later by
* PGTStorage::getErrorMessage().
*
* @param $error_message an error message
*
* @protected
* @deprecated not used.
*/
function setErrorMessage($error_message)
{
$this->_error_message = $error_message;
}
/**
* This method returns an error message set by PGTStorage::setErrorMessage().
*
* @return boolean error message when set by PGTStorage::setErrorMessage(), FALSE
* otherwise.
*
* @public
* @deprecated not used.
*/
function getErrorMessage()
{
return $this->_error_message;
}
// ########################################################################
// INITIALIZATION
// ########################################################################
/**
* a boolean telling if the storage has already been initialized. Written by
* PGTStorage::init(), read by PGTStorage::isInitialized().
*
* @hideinitializer
* @private
*/
var $_initialized = FALSE;
/**
* This method tells if the storage has already been intialized.
*
* @return boolean boolean
*
* @protected
*/
function isInitialized()
{
return $this->_initialized;
}
/**
* This virtual method initializes the object.
*
* @protected
*/
function init()
{
$this->_initialized = TRUE;
}
// ########################################################################
// PGT I/O
// ########################################################################
/**
* This virtual method stores a PGT and its corresponding PGT Iuo.
* @note Should never be called.
*
* @param $pgt the PGT
* @param $pgt_iou the PGT iou
*
* @protected
*/
function write($pgt,$pgt_iou)
{
phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
/**
* This virtual method reads a PGT corresponding to a PGT Iou and deletes
* the corresponding storage entry.
* @note Should never be called.
*
* @param $pgt_iou the PGT iou
*
* @protected
*/
function read($pgt_iou)
{
phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
/** @} */
}
// include specific PGT storage classes
include_once __DIR__.'/pgt-file.php';
include_once __DIR__.'/pgt-db.php';
?>

2774
main/auth/cas/lib/CAS/client.php
View File

File diff suppressed because it is too large Load Diff

881
main/auth/cas/lib/CAS/domxml-php4-to-php5.php
Unescape View File

@ -1,881 +0,0 @@
<?php
/*
Requires PHP5, uses built-in DOM extension.
To be used in PHP4 scripts using DOMXML extension: allows PHP4/DOMXML scripts to run on PHP5/DOM.
(Optional: requires PHP5/XSL extension for domxml_xslt functions, PHP>=5.1 for XPath evaluation functions, and PHP>=5.1/libxml for DOMXML error reports)
Typical use:
{
if (PHP_VERSION>='5')
require_once('domxml-php4-to-php5.php');
}
Version 1.21, 2008-12-05, http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/
------------------------------------------------------------------
Written by Alexandre Alapetite, http://alexandre.alapetite.net/cv/
Copyright 2004-2008, GNU Lesser General Public License,
http://www.gnu.org/licenses/lgpl.html
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/lgpl.html>
== Rights and obligations ==
- Attribution: You must give the original author credit.
- Share Alike: If you alter or transform this library,
you may distribute the resulting library only under the same license GNU/LGPL.
- In case of jurisdiction dispute, the French law is authoritative.
- Any of these conditions can be waived if you get permission from Alexandre Alapetite.
- Not required, but please send to Alexandre Alapetite the modifications you make,
in order to improve this file for the benefit of everybody.
If you want to distribute this code, please do it as a link to:
http://alexandre.alapetite.net/doc-alex/domxml-php4-php5/
*/
define('DOMXML_LOAD_PARSING', 0);
define('DOMXML_LOAD_VALIDATING', 1);
define('DOMXML_LOAD_RECOVERING', 2);
define('DOMXML_LOAD_SUBSTITUTE_ENTITIES', 4);
//define('DOMXML_LOAD_COMPLETE_ATTRS',8);
define('DOMXML_LOAD_DONT_KEEP_BLANKS', 16);
function domxml_new_doc($version)
{
return new php4DOMDocument();
}
function domxml_new_xmldoc($version)
{
return new php4DOMDocument();
}
function domxml_open_file($filename, $mode = DOMXML_LOAD_PARSING, &$error = null)
{
$dom = new php4DOMDocument($mode);
$errorMode = (func_num_args() > 2) && defined('LIBXML_VERSION');
if ($errorMode) {
libxml_use_internal_errors(true);
}
if (!$dom->myDOMNode->load($filename)) {
$dom = null;
}
if ($errorMode) {
$error = array_map('_error_report', libxml_get_errors());
libxml_clear_errors();
}
return $dom;
}
function domxml_open_mem($str, $mode = DOMXML_LOAD_PARSING, &$error = null)
{
$dom = new php4DOMDocument($mode);
$errorMode = (func_num_args() > 2) && defined('LIBXML_VERSION');
if ($errorMode) {
libxml_use_internal_errors(true);
}
if (!$dom->myDOMNode->loadXML($str)) {
$dom = null;
}
if ($errorMode) {
$error = array_map('_error_report', libxml_get_errors());
libxml_clear_errors();
}
return $dom;
}
function html_doc($html_doc, $from_file = false)
{
$dom = new php4DOMDocument();
if ($from_file) {
$result = $dom->myDOMNode->loadHTMLFile($html_doc);
} else {
$result = $dom->myDOMNode->loadHTML($html_doc);
}
return $result ? $dom : null;
}
function html_doc_file($filename)
{
return html_doc($filename, true);
}
function xmldoc($str)
{
return domxml_open_mem($str);
}
function xmldocfile($filename)
{
return domxml_open_file($filename);
}
function xpath_eval($xpath_context, $eval_str, $contextnode = null)
{
return $xpath_context->xpath_eval($eval_str, $contextnode);
}
function xpath_new_context($dom_document)
{
return new php4DOMXPath($dom_document);
}
function xpath_register_ns($xpath_context, $prefix, $namespaceURI)
{
return $xpath_context->myDOMXPath->registerNamespace($prefix, $namespaceURI);
}
function _entityDecode($text)
{
return html_entity_decode(strtr($text, array('&apos;' => '\'')), ENT_QUOTES, 'UTF-8');
}
function _error_report($error)
{
return array(
'errormessage' => $error->message,
'nodename' => '',
'line' => $error->line,
'col' => $error->column
) + ($error->file == '' ? array() : array('directory' => dirname($error->file), 'file' => basename($error->file)));
}
class php4DOMAttr extends php4DOMNode
{
function __get($name)
{
if ($name === 'name') {
return $this->myDOMNode->name;
} else {
return parent::__get($name);
}
}
function name()
{
return $this->myDOMNode->name;
}
function set_content($text)
{
}
//function set_value($content) {return $this->myDOMNode->value=htmlspecialchars($content,ENT_QUOTES);}
function specified()
{
return $this->myDOMNode->specified;
}
function value()
{
return $this->myDOMNode->value;
}
}
class php4DOMDocument extends php4DOMNode
{
function php4DOMDocument($mode = DOMXML_LOAD_PARSING)
{
$this->myDOMNode = new DOMDocument();
$this->myOwnerDocument = $this;
if ($mode & DOMXML_LOAD_VALIDATING) {
$this->myDOMNode->validateOnParse = true;
}
if ($mode & DOMXML_LOAD_RECOVERING) {
$this->myDOMNode->recover = true;
}
if ($mode & DOMXML_LOAD_SUBSTITUTE_ENTITIES) {
$this->myDOMNode->substituteEntities = true;
}
if ($mode & DOMXML_LOAD_DONT_KEEP_BLANKS) {
$this->myDOMNode->preserveWhiteSpace = false;
}
}
function add_root($name)
{
if ($this->myDOMNode->hasChildNodes()) {
$this->myDOMNode->removeChild($this->myDOMNode->firstChild);
}
return new php4DOMElement($this->myDOMNode->appendChild($this->myDOMNode->createElement($name)),
$this->myOwnerDocument);
}
function create_attribute($name, $value)
{
$myAttr = $this->myDOMNode->createAttribute($name);
$myAttr->value = htmlspecialchars($value, ENT_QUOTES);
return new php4DOMAttr($myAttr, $this);
}
function create_cdata_section($content)
{
return new php4DOMNode($this->myDOMNode->createCDATASection($content), $this);
}
function create_comment($data)
{
return new php4DOMNode($this->myDOMNode->createComment($data), $this);
}
function create_element($name)
{
return new php4DOMElement($this->myDOMNode->createElement($name), $this);
}
function create_element_ns($uri, $name, $prefix = null)
{
if ($prefix == null) {
$prefix = $this->myDOMNode->lookupPrefix($uri);
}
if (($prefix == null) && (($this->myDOMNode->documentElement == null) || (!$this->myDOMNode->documentElement->isDefaultNamespace($uri)))) {
$prefix = 'a' . sprintf('%u', crc32($uri));
}
return new php4DOMElement($this->myDOMNode->createElementNS($uri,
$prefix == null ? $name : $prefix . ':' . $name), $this);
}
function create_entity_reference($content)
{
return new php4DOMNode($this->myDOMNode->createEntityReference($content), $this);
} //By Walter Ebert 2007-01-22
function create_processing_instruction($target, $data = '')
{
return new php4DomProcessingInstruction($this->myDOMNode->createProcessingInstruction($target, $data), $this);
}
function create_text_node($content)
{
return new php4DOMText($this->myDOMNode->createTextNode($content), $this);
}
function document_element()
{
return parent::_newDOMElement($this->myDOMNode->documentElement, $this);
}
function dump_file($filename, $compressionmode = false, $format = false)
{
$format0 = $this->myDOMNode->formatOutput;
$this->myDOMNode->formatOutput = $format;
$res = $this->myDOMNode->save($filename);
$this->myDOMNode->formatOutput = $format0;
return $res;
}
function dump_mem($format = false, $encoding = false)
{
$format0 = $this->myDOMNode->formatOutput;
$this->myDOMNode->formatOutput = $format;
$encoding0 = $this->myDOMNode->encoding;
if ($encoding) {
$this->myDOMNode->encoding = $encoding;
}
$dump = $this->myDOMNode->saveXML();
$this->myDOMNode->formatOutput = $format0;
if ($encoding) {
$this->myDOMNode->encoding = $encoding0 == '' ? 'UTF-8' : $encoding0;
} //UTF-8 is XML default encoding
return $dump;
}
function free()
{
if ($this->myDOMNode->hasChildNodes()) {
$this->myDOMNode->removeChild($this->myDOMNode->firstChild);
}
$this->myDOMNode = null;
$this->myOwnerDocument = null;
}
function get_element_by_id($id)
{
return parent::_newDOMElement($this->myDOMNode->getElementById($id), $this);
}
function get_elements_by_tagname($name)
{
$myDOMNodeList = $this->myDOMNode->getElementsByTagName($name);
$nodeSet = array();
$i = 0;
if (isset($myDOMNodeList)) {
while ($node = $myDOMNodeList->item($i++)) {
$nodeSet[] = new php4DOMElement($node, $this);
}
}
return $nodeSet;
}
function html_dump_mem()
{
return $this->myDOMNode->saveHTML();
}
function root()
{
return parent::_newDOMElement($this->myDOMNode->documentElement, $this);
}
function xinclude()
{
return $this->myDOMNode->xinclude();
}
function xpath_new_context()
{
return new php4DOMXPath($this);
}
}
class php4DOMElement extends php4DOMNode
{
function add_namespace($uri, $prefix)
{
if ($this->myDOMNode->hasAttributeNS('http://www.w3.org/2000/xmlns/', $prefix)) {
return false;
} else {
$this->myDOMNode->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:' . $prefix,
$uri); //By Daniel Walker 2006-09-08
return true;
}
}
function get_attribute($name)
{
return $this->myDOMNode->getAttribute($name);
}
function get_attribute_node($name)
{
return parent::_newDOMElement($this->myDOMNode->getAttributeNode($name), $this->myOwnerDocument);
}
function get_elements_by_tagname($name)
{
$myDOMNodeList = $this->myDOMNode->getElementsByTagName($name);
$nodeSet = array();
$i = 0;
if (isset($myDOMNodeList)) {
while ($node = $myDOMNodeList->item($i++)) {
$nodeSet[] = new php4DOMElement($node, $this->myOwnerDocument);
}
}
return $nodeSet;
}
function has_attribute($name)
{
return $this->myDOMNode->hasAttribute($name);
}
function remove_attribute($name)
{
return $this->myDOMNode->removeAttribute($name);
}
function set_attribute($name, $value)
{
//return $this->myDOMNode->setAttribute($name,$value); //Does not return a DomAttr
$myAttr = $this->myDOMNode->ownerDocument->createAttribute($name);
$myAttr->value = htmlspecialchars($value, ENT_QUOTES); //Entity problem reported by AL-DesignWorks 2007-09-07
$this->myDOMNode->setAttributeNode($myAttr);
return new php4DOMAttr($myAttr, $this->myOwnerDocument);
}
/*function set_attribute_node($attr)
{
$this->myDOMNode->setAttributeNode($this->_importNode($attr));
return $attr;
}*/
function set_name($name)
{
if ($this->myDOMNode->prefix == '') {
$newNode = $this->myDOMNode->ownerDocument->createElement($name);
} else {
$newNode = $this->myDOMNode->ownerDocument->createElementNS($this->myDOMNode->namespaceURI,
$this->myDOMNode->prefix . ':' . $name);
}
$myDOMNodeList = $this->myDOMNode->attributes;
$i = 0;
if (isset($myDOMNodeList)) {
while ($node = $myDOMNodeList->item($i++)) {
if ($node->namespaceURI == '') {
$newNode->setAttribute($node->name, $node->value);
} else {
$newNode->setAttributeNS($node->namespaceURI, $node->nodeName, $node->value);
}
}
}
$myDOMNodeList = $this->myDOMNode->childNodes;
if (isset($myDOMNodeList)) {
while ($node = $myDOMNodeList->item(0)) {
$newNode->appendChild($node);
}
}
$this->myDOMNode->parentNode->replaceChild($newNode, $this->myDOMNode);
$this->myDOMNode = $newNode;
return true;
}
function tagname()
{
return $this->tagname;
}
}
class php4DOMNode
{
public $myDOMNode;
public $myOwnerDocument;
function php4DOMNode($aDomNode, $aOwnerDocument)
{
$this->myDOMNode = $aDomNode;
$this->myOwnerDocument = $aOwnerDocument;
}
function __get($name)
{
switch ($name) {
case 'type':
return $this->myDOMNode->nodeType;
case 'tagname':
return ($this->myDOMNode->nodeType === XML_ELEMENT_NODE) ? $this->myDOMNode->localName : $this->myDOMNode->tagName; //Avoid namespace prefix for DOMElement
case 'content':
return $this->myDOMNode->textContent;
case 'value':
return $this->myDOMNode->value;
default:
$myErrors = debug_backtrace();
trigger_error('Undefined property: ' . get_class($this) . '::$' . $name . ' [' . $myErrors[0]['file'] . ':' . $myErrors[0]['line'] . ']',
E_USER_NOTICE);
return false;
}
}
function add_child($newnode)
{
return append_child($newnode);
}
function add_namespace($uri, $prefix)
{
return false;
}
function append_child($newnode)
{
return self::_newDOMElement($this->myDOMNode->appendChild($this->_importNode($newnode)),
$this->myOwnerDocument);
}
function append_sibling($newnode)
{
return self::_newDOMElement($this->myDOMNode->parentNode->appendChild($this->_importNode($newnode)),
$this->myOwnerDocument);
}
function attributes()
{
$myDOMNodeList = $this->myDOMNode->attributes;
if (!(isset($myDOMNodeList) && $this->myDOMNode->hasAttributes())) {
return null;
}
$nodeSet = array();
$i = 0;
while ($node = $myDOMNodeList->item($i++)) {
$nodeSet[] = new php4DOMAttr($node, $this->myOwnerDocument);
}
return $nodeSet;
}
function child_nodes()
{
$myDOMNodeList = $this->myDOMNode->childNodes;
$nodeSet = array();
$i = 0;
if (isset($myDOMNodeList)) {
while ($node = $myDOMNodeList->item($i++)) {
$nodeSet[] = self::_newDOMElement($node, $this->myOwnerDocument);
}
}
return $nodeSet;
}
function children()
{
return $this->child_nodes();
}
function clone_node($deep = false)
{
return self::_newDOMElement($this->myDOMNode->cloneNode($deep), $this->myOwnerDocument);
}
//dump_node($node) should only be called on php4DOMDocument
function dump_node($node = null)
{
return $node == null ? $this->myOwnerDocument->myDOMNode->saveXML($this->myDOMNode) : $this->myOwnerDocument->myDOMNode->saveXML($node->myDOMNode);
}
function first_child()
{
return self::_newDOMElement($this->myDOMNode->firstChild, $this->myOwnerDocument);
}
function get_content()
{
return $this->myDOMNode->textContent;
}
function has_attributes()
{
return $this->myDOMNode->hasAttributes();
}
function has_child_nodes()
{
return $this->myDOMNode->hasChildNodes();
}
function insert_before($newnode, $refnode)
{
return self::_newDOMElement($this->myDOMNode->insertBefore($this->_importNode($newnode),
$refnode == null ? null : $refnode->myDOMNode), $this->myOwnerDocument);
}
function is_blank_node()
{
return ($this->myDOMNode->nodeType === XML_TEXT_NODE) && preg_match('%^\s*$%', $this->myDOMNode->nodeValue);
}
function last_child()
{
return self::_newDOMElement($this->myDOMNode->lastChild, $this->myOwnerDocument);
}
function new_child($name, $content)
{
$mySubNode = $this->myDOMNode->ownerDocument->createElement($name);
$mySubNode->appendChild($this->myDOMNode->ownerDocument->createTextNode(_entityDecode($content)));
$this->myDOMNode->appendChild($mySubNode);
return new php4DOMElement($mySubNode, $this->myOwnerDocument);
}
function next_sibling()
{
return self::_newDOMElement($this->myDOMNode->nextSibling, $this->myOwnerDocument);
}
function node_name()
{
return ($this->myDOMNode->nodeType === XML_ELEMENT_NODE) ? $this->myDOMNode->localName : $this->myDOMNode->nodeName;
} //Avoid namespace prefix for DOMElement
function node_type()
{
return $this->myDOMNode->nodeType;
}
function node_value()
{
return $this->myDOMNode->nodeValue;
}
function owner_document()
{
return $this->myOwnerDocument;
}
function parent_node()
{
return self::_newDOMElement($this->myDOMNode->parentNode, $this->myOwnerDocument);
}
function prefix()
{
return $this->myDOMNode->prefix;
}
function previous_sibling()
{
return self::_newDOMElement($this->myDOMNode->previousSibling, $this->myOwnerDocument);
}
function remove_child($oldchild)
{
return self::_newDOMElement($this->myDOMNode->removeChild($oldchild->myDOMNode), $this->myOwnerDocument);
}
function replace_child($newnode, $oldnode)
{
return self::_newDOMElement($this->myDOMNode->replaceChild($this->_importNode($newnode), $oldnode->myDOMNode),
$this->myOwnerDocument);
}
function replace_node($newnode)
{
return self::_newDOMElement($this->myDOMNode->parentNode->replaceChild($this->_importNode($newnode),
$this->myDOMNode), $this->myOwnerDocument);
}
function set_content($text)
{
return $this->myDOMNode->appendChild($this->myDOMNode->ownerDocument->createTextNode(_entityDecode($text)));
} //Entity problem reported by AL-DesignWorks 2007-09-07
//function set_name($name) {return $this->myOwnerDocument->renameNode($this->myDOMNode,$this->myDOMNode->namespaceURI,$name);}
function set_namespace($uri, $prefix = null)
{//Contributions by Daniel Walker 2006-09-08
$nsprefix = $this->myDOMNode->lookupPrefix($uri);
if ($nsprefix == null) {
$nsprefix = $prefix == null ? $nsprefix = 'a' . sprintf('%u', crc32($uri)) : $prefix;
if ($this->myDOMNode->nodeType === XML_ATTRIBUTE_NODE) {
if (($prefix != null) && $this->myDOMNode->ownerElement->hasAttributeNS('http://www.w3.org/2000/xmlns/',
$nsprefix) &&
($this->myDOMNode->ownerElement->getAttributeNS('http://www.w3.org/2000/xmlns/', $nsprefix) != $uri)
) {//Remove namespace
$parent = $this->myDOMNode->ownerElement;
$parent->removeAttributeNode($this->myDOMNode);
$parent->setAttribute($this->myDOMNode->localName, $this->myDOMNode->nodeValue);
$this->myDOMNode = $parent->getAttributeNode($this->myDOMNode->localName);
return;
}
$this->myDOMNode->ownerElement->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:' . $nsprefix,
$uri);
}
}
if ($this->myDOMNode->nodeType === XML_ATTRIBUTE_NODE) {
$parent = $this->myDOMNode->ownerElement;
$parent->removeAttributeNode($this->myDOMNode);
$parent->setAttributeNS($uri, $nsprefix . ':' . $this->myDOMNode->localName, $this->myDOMNode->nodeValue);
$this->myDOMNode = $parent->getAttributeNodeNS($uri, $this->myDOMNode->localName);
} elseif ($this->myDOMNode->nodeType === XML_ELEMENT_NODE) {
$NewNode = $this->myDOMNode->ownerDocument->createElementNS($uri,
$nsprefix . ':' . $this->myDOMNode->localName);
foreach ($this->myDOMNode->attributes as $n) {
$NewNode->appendChild($n->cloneNode(true));
}
foreach ($this->myDOMNode->childNodes as $n) {
$NewNode->appendChild($n->cloneNode(true));
}
$xpath = new DOMXPath($this->myDOMNode->ownerDocument);
$myDOMNodeList = $xpath->query('namespace::*[name()!="xml"]', $this->myDOMNode); //Add old namespaces
foreach ($myDOMNodeList as $n) {
$NewNode->setAttributeNS('http://www.w3.org/2000/xmlns/', $n->nodeName, $n->nodeValue);
}
$this->myDOMNode->parentNode->replaceChild($NewNode, $this->myDOMNode);
$this->myDOMNode = $NewNode;
}
}
function unlink_node()
{
if ($this->myDOMNode->parentNode != null) {
if ($this->myDOMNode->nodeType === XML_ATTRIBUTE_NODE) {
$this->myDOMNode->parentNode->removeAttributeNode($this->myDOMNode);
} else {
$this->myDOMNode->parentNode->removeChild($this->myDOMNode);
}
}
}
protected function _importNode($newnode)
{
return $this->myOwnerDocument === $newnode->myOwnerDocument ? $newnode->myDOMNode : $this->myOwnerDocument->myDOMNode->importNode($newnode->myDOMNode,
true);
} //To import DOMNode from another DOMDocument
static function _newDOMElement($aDOMNode, $aOwnerDocument)
{//Check the PHP5 DOMNode before creating a new associated PHP4 DOMNode wrapper
if ($aDOMNode == null) {
return null;
}
switch ($aDOMNode->nodeType) {
case XML_ELEMENT_NODE:
return new php4DOMElement($aDOMNode, $aOwnerDocument);
case XML_TEXT_NODE:
return new php4DOMText($aDOMNode, $aOwnerDocument);
case XML_ATTRIBUTE_NODE:
return new php4DOMAttr($aDOMNode, $aOwnerDocument);
case XML_PI_NODE:
return new php4DomProcessingInstruction($aDOMNode, $aOwnerDocument);
default:
return new php4DOMNode($aDOMNode, $aOwnerDocument);
}
}
}
class php4DomProcessingInstruction extends php4DOMNode
{
function data()
{
return $this->myDOMNode->data;
}
function target()
{
return $this->myDOMNode->target;
}
}
class php4DOMText extends php4DOMNode
{
function __get($name)
{
if ($name === 'tagname') {
return '#text';
} else {
return parent::__get($name);
}
}
function tagname()
{
return '#text';
}
function set_content($text)
{
$this->myDOMNode->nodeValue = $text;
return true;
}
}
if (!defined('XPATH_NODESET')) {
define('XPATH_UNDEFINED', 0);
define('XPATH_NODESET', 1);
define('XPATH_BOOLEAN', 2);
define('XPATH_NUMBER', 3);
define('XPATH_STRING', 4);
/*define('XPATH_POINT',5);
define('XPATH_RANGE',6);
define('XPATH_LOCATIONSET',7);
define('XPATH_USERS',8);
define('XPATH_XSLT_TREE',9);*/
}
class php4DOMNodelist
{
private $myDOMNodelist;
public $nodeset;
public $type = XPATH_UNDEFINED;
public $value;
function php4DOMNodelist($aDOMNodelist, $aOwnerDocument)
{
if (!isset($aDOMNodelist)) {
return;
} elseif (is_object($aDOMNodelist) || is_array($aDOMNodelist)) {
if ($aDOMNodelist->length > 0) {
$this->myDOMNodelist = $aDOMNodelist;
$this->nodeset = array();
$this->type = XPATH_NODESET;
$i = 0;
while ($node = $this->myDOMNodelist->item($i++)) {
$this->nodeset[] = php4DOMNode::_newDOMElement($node, $aOwnerDocument);
}
}
} elseif (is_int($aDOMNodelist) || is_float($aDOMNodelist)) {
$this->type = XPATH_NUMBER;
$this->value = $aDOMNodelist;
} elseif (is_bool($aDOMNodelist)) {
$this->type = XPATH_BOOLEAN;
$this->value = $aDOMNodelist;
} elseif (is_string($aDOMNodelist)) {
$this->type = XPATH_STRING;
$this->value = $aDOMNodelist;
}
}
}
class php4DOMXPath
{
public $myDOMXPath;
private $myOwnerDocument;
function php4DOMXPath($dom_document)
{
//TODO: If $dom_document is a DomElement, make that default $contextnode and modify XPath. Ex: '/test'
$this->myOwnerDocument = $dom_document->myOwnerDocument;
$this->myDOMXPath = new DOMXPath($this->myOwnerDocument->myDOMNode);
}
function xpath_eval($eval_str, $contextnode = null)
{
if (method_exists($this->myDOMXPath, 'evaluate')) {
$xp = isset($contextnode) ? $this->myDOMXPath->evaluate($eval_str,
$contextnode->myDOMNode) : $this->myDOMXPath->evaluate($eval_str);
} else {
$xp = isset($contextnode) ? $this->myDOMXPath->query($eval_str,
$contextnode->myDOMNode) : $this->myDOMXPath->query($eval_str);
}
$xp = new php4DOMNodelist($xp, $this->myOwnerDocument);
return ($xp->type === XPATH_UNDEFINED) ? false : $xp;
}
function xpath_register_ns($prefix, $namespaceURI)
{
return $this->myDOMXPath->registerNamespace($prefix, $namespaceURI);
}
}
if (extension_loaded('xsl')) {//See also: http://alexandre.alapetite.net/doc-alex/xslt-php4-php5/
function domxml_xslt_stylesheet($xslstring)
{
return new php4DomXsltStylesheet(DOMDocument::loadXML($xslstring));
}
function domxml_xslt_stylesheet_doc($dom_document)
{
return new php4DomXsltStylesheet($dom_document);
}
function domxml_xslt_stylesheet_file($xslfile)
{
return new php4DomXsltStylesheet(DOMDocument::load($xslfile));
}
class php4DomXsltStylesheet
{
private $myxsltProcessor;
function php4DomXsltStylesheet($dom_document)
{
$this->myxsltProcessor = new xsltProcessor();
$this->myxsltProcessor->importStyleSheet($dom_document);
}
function process($dom_document, $xslt_parameters = array(), $param_is_xpath = false)
{
foreach ($xslt_parameters as $param => $value) {
$this->myxsltProcessor->setParameter('', $param, $value);
}
$myphp4DOMDocument = new php4DOMDocument();
$myphp4DOMDocument->myDOMNode = $this->myxsltProcessor->transformToDoc($dom_document->myDOMNode);
return $myphp4DOMDocument;
}
function result_dump_file($dom_document, $filename)
{
$html = $dom_document->myDOMNode->saveHTML();
file_put_contents($filename, $html);
return $html;
}
function result_dump_mem($dom_document)
{
return $dom_document->myDOMNode->saveHTML();
}
}
}

27
main/auth/cas/lib/CAS/languages/catalan.php
Unescape View File

@ -1,27 +0,0 @@
<?php
/**
* @file languages/spanish.php
* @author Iván-Benjamín García Torà <ivaniclixx AT gmail DOT com>
* @sa @link internalLang Internationalization @endlink
* @ingroup internalLang
*/
$this->_strings = array(
CAS_STR_USING_SERVER
=> 'usant servidor',
CAS_STR_AUTHENTICATION_WANTED
=> 'Autentificació CAS necessària!',
CAS_STR_LOGOUT
=> 'Sortida de CAS necessària!',
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
=> 'Ja hauria d\ haver estat redireccionat al servidor CAS. Feu click <a href="%s">aquí</a> per a continuar.',
CAS_STR_AUTHENTICATION_FAILED
=> 'Autentificació CAS fallida!',
CAS_STR_YOU_WERE_NOT_AUTHENTICATED
=> '<p>No estàs autentificat.</p><p>Pots tornar a intentar-ho fent click <a href="%s">aquí</a>.</p><p>Si el problema persisteix hauría de contactar amb l\'<a href="mailto:%s">administrador d\'aquest llocc</a>.</p>',
CAS_STR_SERVICE_UNAVAILABLE
=> 'El servei `<b>%s</b>\' no està disponible (<b>%s</b>).'
);
?>

27
main/auth/cas/lib/CAS/languages/english.php
Unescape View File

@ -1,27 +0,0 @@
<?php
/**
* @file languages/english.php
* @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
* @sa @link internalLang Internationalization @endlink
* @ingroup internalLang
*/
$this->_strings = array(
CAS_STR_USING_SERVER
=> 'using server',
CAS_STR_AUTHENTICATION_WANTED
=> 'CAS Authentication wanted!',
CAS_STR_LOGOUT
=> 'CAS logout wanted!',
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
=> 'You should already have been redirected to the CAS server. Click <a href="%s">here</a> to continue.',
CAS_STR_AUTHENTICATION_FAILED
=> 'CAS Authentication failed!',
CAS_STR_YOU_WERE_NOT_AUTHENTICATED
=> '<p>You were not authenticated.</p><p>You may submit your request again by clicking <a href="%s">here</a>.</p><p>If the problem persists, you may contact <a href="mailto:%s">the administrator of this site</a>.</p>',
CAS_STR_SERVICE_UNAVAILABLE
=> 'The service `<b>%s</b>\' is not available (<b>%s</b>).'
);
?>

28
main/auth/cas/lib/CAS/languages/french.php
Unescape View File

@ -1,28 +0,0 @@
<?php
/**
* @file languages/english.php
* @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
* @sa @link internalLang Internationalization @endlink
* @ingroup internalLang
*/
$this->_strings = array(
CAS_STR_USING_SERVER
=> 'utilisant le serveur',
CAS_STR_AUTHENTICATION_WANTED
=> 'Authentication CAS n<EFBFBD>cessaire&nbsp;!',
CAS_STR_LOGOUT
=> 'D<EFBFBD>connexion demand<EFBFBD>e&nbsp;!',
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
=> 'Vous auriez du etre redirig<EFBFBD>(e) vers le serveur CAS. Cliquez <a href="%s">ici</a> pour continuer.',
CAS_STR_AUTHENTICATION_FAILED
=> 'Authentification CAS infructueuse&nbsp;!',
CAS_STR_YOU_WERE_NOT_AUTHENTICATED
=> '<p>Vous n\'avez pas <EFBFBD>t<EFBFBD> authentifi<EFBFBD>(e).</p><p>Vous pouvez soumettre votre requete <EFBFBD> nouveau en cliquant <a href="%s">ici</a>.</p><p>Si le probl<EFBFBD>me persiste, vous pouvez contacter <a href="mailto:%s">l\'administrateur de ce site</a>.</p>',
CAS_STR_SERVICE_UNAVAILABLE
=> 'Le service `<b>%s</b>\' est indisponible (<b>%s</b>)'
);
?>

27
main/auth/cas/lib/CAS/languages/german.php
Unescape View File

@ -1,27 +0,0 @@
<?php
/**
* @file languages/german.php
* @author Henrik Genssen <hg at mediafactory.de>
* @sa @link internalLang Internationalization @endlink
* @ingroup internalLang
*/
$this->_strings = array(
CAS_STR_USING_SERVER
=> 'via Server',
CAS_STR_AUTHENTICATION_WANTED
=> 'CAS Authentifizierung erforderlich!',
CAS_STR_LOGOUT
=> 'CAS Abmeldung!',
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
=> 'eigentlich h&auml;ten Sie zum CAS Server weitergeleitet werden sollen. Dr&uuml;cken Sie <a href="%s">hier</a> um fortzufahren.',
CAS_STR_AUTHENTICATION_FAILED
=> 'CAS Anmeldung fehlgeschlagen!',
CAS_STR_YOU_WERE_NOT_AUTHENTICATED
=> '<p>Sie wurden nicht angemeldet.</p><p>Um es erneut zu versuchen klicken Sie <a href="%s">hier</a>.</p><p>Wenn das Problem bestehen bleibt, kontkatieren Sie den <a href="mailto:%s">Administrator</a> dieser Seite.</p>',
CAS_STR_SERVICE_UNAVAILABLE
=> 'Der Dienst `<b>%s</b>\' ist nicht verf&uuml;gbar (<b>%s</b>).'
);
?>

27
main/auth/cas/lib/CAS/languages/greek.php
Unescape View File

@ -1,27 +0,0 @@
<?php
/**
* @file languages/greek.php
* @author Vangelis Haniotakis <haniotak at ucnet.uoc.gr>
* @sa @link internalLang Internationalization @endlink
* @ingroup internalLang
*/
$this->_strings = array(
CAS_STR_USING_SERVER
=> '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
CAS_STR_AUTHENTICATION_WANTED
=> '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> CAS!',
CAS_STR_LOGOUT
=> '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD> CAS!',
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
=> '<EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> CAS. <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <a href="%s"><EFBFBD><EFBFBD><EFBFBD></a> <EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.',
CAS_STR_AUTHENTICATION_FAILED
=> '<EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> CAS <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!',
CAS_STR_YOU_WERE_NOT_AUTHENTICATED
=> '<p><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.</p><p><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <a href="%s"><EFBFBD><EFBFBD><EFBFBD></a>.</p><p><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD> <a href="mailto:%s"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a>.</p>',
CAS_STR_SERVICE_UNAVAILABLE
=> '<EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> `<b>%s</b>\' <EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<b>%s</b>).'
);
?>

27
main/auth/cas/lib/CAS/languages/japanese.php
Unescape View File

@ -1,27 +0,0 @@
<?php
/**
* @file languages/japanese.php
* @author fnorif (fnorif@yahoo.co.jp)
*
* Now Encoding is EUC-JP and LF
**/
$this->_strings = array(
CAS_STR_USING_SERVER
=> 'using server',
CAS_STR_AUTHENTICATION_WANTED
=> 'CAS<EFBFBD>ˤ<EFBFBD><EFBFBD>ǧ<EFBFBD>ڤ<EFBFBD>Ԥ<EFBFBD><EFBFBD>ޤ<EFBFBD>',
CAS_STR_LOGOUT
=> 'CAS<EFBFBD><EFBFBD><EFBFBD><EFBFBD>?<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȥ<EFBFBD><EFBFBD>ޤ<EFBFBD>!',
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
=> 'CAS<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ф˹Ԥ<EFBFBD>ɬ<EFBFBD>פ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ޤ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ưŪ<EFBFBD><EFBFBD>ž<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʤ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <a href="%s"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a> <EFBFBD>򥯥<EFBFBD>å<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>³<EFBFBD>Ԥ<EFBFBD><EFBFBD>ޤ<EFBFBD><EFBFBD><EFBFBD>',
CAS_STR_AUTHENTICATION_FAILED
=> 'CAS<EFBFBD>ˤ<EFBFBD><EFBFBD>ǧ<EFBFBD>ڤ˼<EFBFBD><EFBFBD>Ԥ<EFBFBD><EFBFBD>ޤ<EFBFBD><EFBFBD><EFBFBD>',
CAS_STR_YOU_WERE_NOT_AUTHENTICATED
=> '<p>ǧ<EFBFBD>ڤǤ<EFBFBD><EFBFBD>ޤ<EFBFBD><EFBFBD><EFBFBD>Ǥ<EFBFBD><EFBFBD><EFBFBD>.</p><p><EFBFBD><EFBFBD><EFBFBD><EFBFBD>٥ꥯ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><a href="%s"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a><EFBFBD>򥯥<EFBFBD>å<EFBFBD>.</p><p><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʤ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <a href="mailto:%s"><EFBFBD><EFBFBD><EFBFBD>Υ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȥδ<EFBFBD><EFBFBD><EFBFBD><EFBFBD></a><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.</p>',
CAS_STR_SERVICE_UNAVAILABLE
=> '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӥ<EFBFBD> `<b>%s</b>\' <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѤǤ<EFBFBD><EFBFBD>ޤ<EFBFBD><EFBFBD><EFBFBD> (<b>%s</b>).'
);
?>

24
main/auth/cas/lib/CAS/languages/languages.php
Unescape View File

@ -1,24 +0,0 @@
<?php
/**
* @file languages/languages.php
* Internationalization constants
* @author Pascal Aubry <pascal.aubry at univ-rennes1.fr>
* @sa @link internalLang Internationalization @endlink
* @ingroup internalLang
*/
//@{
/**
* a phpCAS string index
*/
define("CAS_STR_USING_SERVER", 1);
define("CAS_STR_AUTHENTICATION_WANTED", 2);
define("CAS_STR_LOGOUT", 3);
define("CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED", 4);
define("CAS_STR_AUTHENTICATION_FAILED", 5);
define("CAS_STR_YOU_WERE_NOT_AUTHENTICATED", 6);
define("CAS_STR_SERVICE_UNAVAILABLE", 7);
//@}
?>

27
main/auth/cas/lib/CAS/languages/spanish.php
Unescape View File

@ -1,27 +0,0 @@
<?php
/**
* @file languages/spanish.php
* @author Iván-Benjamín García Torà <ivaniclixx AT gmail DOT com>
* @sa @link internalLang Internationalization @endlink
* @ingroup internalLang
*/
$this->_strings = array(
CAS_STR_USING_SERVER
=> 'usando servidor',
CAS_STR_AUTHENTICATION_WANTED
=> '¡Autentificación CAS necesaria!',
CAS_STR_LOGOUT
=> '¡Salida CAS necesaria!',
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
=> 'Ya debería haber sido redireccionado al servidor CAS. Haga click <a href="%s">aquí</a> para continuar.',
CAS_STR_AUTHENTICATION_FAILED
=> '¡Autentificación CAS fallida!',
CAS_STR_YOU_WERE_NOT_AUTHENTICATED
=> '<p>No estás autentificado.</p><p>Puedes volver a intentarlo haciendo click <a href="%s">aquí</a>.</p><p>Si el problema persiste debería contactar con el <a href="mailto:%s">administrador de este sitio</a>.</p>',
CAS_STR_SERVICE_UNAVAILABLE
=> 'El servicio `<b>%s</b>\' no está disponible (<b>%s</b>).'
);
?>

56
main/auth/cas/logincas.php
Unescape View File

@ -1,56 +0,0 @@
<?php
//----------------------------------------------------------------------
// CAS PLUGIN
//----------------------------------------------------------------------
// Copyright (c) 2006-2007 University Marc Bloch (UMB)
//----------------------------------------------------------------------
// This program is under the terms of the GENERAL PUBLIC LICENSE (GPL)
// as published by the FREE SOFTWARE FOUNDATION. The GPL is available
// through the world-wide-web at http://www.gnu.org/copyleft/gpl.html
//----------------------------------------------------------------------
// Authors: Pierre Cahard
//----------------------------------------------------------------------
// Load required
require '../../inc/global.inc.php';
require_once 'authcas.php';
use ChamiloSession as Session;
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
// phpCAS
/*
If we are not logged and in our browser enter an URL with a name of a course
e.g. http://www.chamilo.fr/chamilo/courses/COURSTESTOSETE/?id_session=0
We go to page api_not_allowed :
> You are not allowed to see this page.
> Sorry, you are not allowed to access this page, or maybe your connection has expired.
> Please click your browser's \"Back\" button or follow the link below to return to the previous page
If we click on the link to go to homepage, some datas are entered in $_SESSION and if we enter our CAS login,
we go to api_not_allowad_page again and again
As a result, if we are not logged on, we have to destroy the session variables, before calling CAS page
*/
if (api_is_anonymous()) {
Session::destroy();
}
if (cas_configured()) {
$firstpage = "";
if (isset($_GET['firstpage'])) {
$firstpage = $_GET['firstpage'];
setcookie("GotoCourse", $firstpage);
}
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::client(
$cas_auth_ver,
$cas_auth_server,
$cas_auth_port,
$cas_auth_uri
);
phpCAS::setNoCasServerValidation();
}
phpCAS::forceAuthentication();
header('Location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login'));
} else {
header('Location: '.api_get_path(WEB_PATH));
}

13
main/auth/cas/logout.php
Unescape View File

@ -1,13 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/*
Call this file to disconnect from CAS session.
logoutWithUrl() not used because with CAS v3 you cannot redirect your logout to a specific URL
because of security reason.
*/
require '../..//inc/global.inc.php';
require_once 'authcas.php';
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
phpCAS::logout();

220
main/auth/external_login/facebook.inc.php
Unescape View File

@ -1,220 +0,0 @@
<?php
/**
* Licence: GPL
* Please contact CBlue regarding any licences issues.
* Author: noel@cblue.be
* Copyright: CBlue SPRL, 20XX.
*
* External login module : FACEBOOK
*
* This files provides the facebookConnect() and facebook_get_url functions
* Please edit the facebook.conf.php file to adapt it to your fb application parameter
*/
require_once __DIR__.'/../../inc/global.inc.php';
require_once __DIR__.'/facebook.init.php';
require_once __DIR__.'/functions.inc.php';
/**
* This function connect to facebook and retrieves the user info
* If user does not exist in chamilo, it creates it and logs in
* If user already exists, it updates his info.
*/
function facebookConnect()
{
$fb = new \Facebook\Facebook([
'app_id' => $GLOBALS['facebook_config']['appId'],
'app_secret' => $GLOBALS['facebook_config']['secret'],
'default_graph_version' => 'v2.2',
]);
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
} catch (Facebook\Exceptions\FacebookResponseException $e) {
Display::addFlash(
Display::return_message('Facebook Graph returned an error: '.$e->getMessage(), 'error')
);
header('Location: '.api_get_path(WEB_PATH));
exit;
} catch (Facebook\Exceptions\FacebookSDKException $e) {
Display::addFlash(
Display::return_message('Facebook SDK returned an error: '.$e->getMessage(), 'error')
);
header('Location: '.api_get_path(WEB_PATH));
exit;
}
if (!isset($accessToken)) {
if (!$helper->getError()) {
return;
}
if (isset($_GET['loginFailed'])) {
return;
}
$error = implode('<br>', [
'Error: '.$helper->getError(),
'Error Code: '.$helper->getErrorCode(),
'Error Reason: '.$helper->getErrorReason(),
'Error Description: '.$helper->getErrorDescription(),
]);
Display::addFlash(
Display::return_message($error, 'error', false)
);
header('Location: '.api_get_path(WEB_PATH));
exit;
}
$oAuth2Client = $fb->getOAuth2Client();
$tokenMetadata = $oAuth2Client->debugToken($accessToken);
$tokenMetadata->validateAppId($GLOBALS['facebook_config']['appId']);
$tokenMetadata->validateExpiration();
if (!$accessToken->isLongLived()) {
try {
$accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
} catch (Facebook\Exceptions\FacebookSDKException $e) {
Display::addFlash(
Display::return_message('Error getting long-lived access token: '.$e->getMessage(), 'error')
);
header('Location: '.api_get_path(WEB_PATH));
exit;
}
}
try {
$response = $fb->get('/me?fields=id,first_name,last_name,locale,email', $accessToken->getValue());
} catch (Facebook\Exceptions\FacebookResponseException $e) {
Display::addFlash(
Display::return_message('Graph returned an error: '.$e->getMessage(), 'error')
);
header('Location: '.api_get_path(WEB_PATH));
exit;
} catch (Facebook\Exceptions\FacebookSDKException $e) {
Display::addFlash(
Display::return_message('Facebook SDK returned an error: '.$e->getMessage(), 'error')
);
header('Location: '.api_get_path(WEB_PATH));
exit;
}
$user = $response->getGraphUser();
$language = facebookPluginGetLanguage($user['locale']);
if (!$language) {
$language = 'en_US';
}
$u = [
'firstname' => $user->getFirstName(),
'lastname' => $user->getLastName(),
'status' => STUDENT,
'email' => $user->getEmail(),
'username' => changeToValidChamiloLogin($user->getEmail()),
'language' => $language,
'password' => 'facebook',
'auth_source' => 'facebook',
'extra' => [],
];
$chamiloUinfo = api_get_user_info_from_email($user->getEmail());
$_user['uidReset'] = true;
$_user['language'] = $language;
if ($chamiloUinfo === false) {
// We have to create the user
$chamilo_uid = external_add_user($u);
if ($chamilo_uid === false) {
Display::addFlash(
Display::return_message(get_lang('UserNotRegistered'), 'error')
);
header('Location: '.api_get_path(WEB_PATH));
exit;
}
$_user['user_id'] = $chamilo_uid;
$_SESSION['_user'] = $_user;
header('Location: '.api_get_path(WEB_PATH));
exit();
}
// User already exists, update info and login
$chamilo_uid = $chamiloUinfo['user_id'];
$u['user_id'] = $chamilo_uid;
external_update_user($u);
$_user['user_id'] = $chamilo_uid;
$_SESSION['_user'] = $_user;
header('Location: '.api_get_path(WEB_PATH));
exit();
}
/**
* Get facebook login url for the platform.
*
* @return string
*/
function facebookGetLoginUrl()
{
$fb = new \Facebook\Facebook([
'app_id' => $GLOBALS['facebook_config']['appId'],
'app_secret' => $GLOBALS['facebook_config']['secret'],
'default_graph_version' => 'v2.2',
]);
$helper = $fb->getRedirectLoginHelper();
$loginUrl = $helper->getLoginUrl(api_get_path(WEB_PATH).'?action=fbconnect', [
'email',
]);
return $loginUrl;
}
/**
* Return a valid Chamilo login
* Chamilo login only use characters lettres, des chiffres et les signes _ . -.
*
* @param $in_txt
*
* @return mixed
*/
function changeToValidChamiloLogin($in_txt)
{
return preg_replace("/[^a-zA-Z1-9_\-.]/", "_", $in_txt);
}
/**
* Get user language.
*
* @param string $language
*
* @return bool
*/
function facebookPluginGetLanguage($language = 'en_US')
{
$language = substr($language, 0, 2);
$sqlResult = Database::query(
"SELECT english_name FROM ".
Database::get_main_table(TABLE_MAIN_LANGUAGE).
" WHERE available = 1 AND isocode = '$language'"
);
if (Database::num_rows($sqlResult)) {
$result = Database::fetch_array($sqlResult);
return $result['english_name'];
}
return false;
}

24
main/auth/external_login/facebook.init.php
Unescape View File

@ -1,24 +0,0 @@
<?php
/**
* Licence: GPL
* Please contact CBlue regarding any licences issues.
* Author: noel@cblue.be
* Copyright: CBlue SPRL, 20XX.
*
* External login module : FACEBOOK
*
* Configuration file
* Please edit this file to match with your FACEBOOK settings
* */
/**
* Facebook application setting.
* */
//Loads the portal facebook settings
/**
* Facebook application setting
* Loads the portal facebook settings
* See facebook section of the auth.conf.php file.
*/
require __DIR__.'/../../../app/config/auth.conf.php';

231
main/auth/external_login/functions.inc.php
Unescape View File

@ -1,231 +0,0 @@
<?php
//define('USERINFO_TABLE', 'danone_userinfo');
//define('DEFAULT_PASSWORD', 'danonelearning');
//TODO : Please implements this function for this module to work.
/**
* Gets user info from external source.
*
* @param string login
* @param string password
*
* @return user array with at least the following fields:
* firstname
* lastname
* status
* email
* login
* password
* or false if no data
* */
function external_get_user_info($login, $password)
{
//Those are the mandatory fields for user creation.
//See external_add_user function for all the fields you can have.
$table = USERINFO_TABLE;
$sql = "SELECT * from $table where username='".Database::escape_string($login)."'";
$result = Database::query($sql);
if (Database::num_rows($result) == 0) { //false password
return false;
}
$user_info = Database::fetch_assoc($result);
// User status
$admin = false;
switch ($user_info['status']) {
case 'admin':
$status = COURSEMANAGER;
$admin = true;
break;
case 'teacher':
$status = COURSEMANAGER;
break;
case 'user':
$status = STUDENT;
break;
default:
$status = STUDENT;
}
// Language
switch ($user_info['language']) {
case 'FR':
$language = 'french';
break;
case 'EN':
$language = 'english';
break;
default:
$language = 'english';
break;
}
//Can Send Message ?
$can_send_message = ($user_info['can_send_message'] == 1) ? 'yes' : 'no';
$u = [
'firstname' => $user_info['firstname'],
'lastname' => $user_info['lastname'],
'status' => $status,
'admin' => $admin,
'email' => $user_info['email'],
'username' => $user_info['username'],
'language' => $language,
'password' => DEFAULT_PASSWORD,
'courses' => $user_info['courses'],
'profile_link' => $user_info['profile_link'],
'worldwide_bu' => $user_info['worlwide_bu'],
'manager' => $user_info['manager'],
'extra' => [
'position_title' => $user_info['position_title'],
'country' => $user_info['country'],
'job_family' => $user_info['job_family'],
'country_bu' => $user_info['country_bu'],
'worldwide_bu' => $user_info['worldwide_bu'],
'profile_link' => $user_info['profile_link'],
'can_send_message' => $can_send_message,
'update_type' => 'external_logininfo', ],
];
return $u; //Please return false if user does not exist
//return false;
}
/**
* Return an array with all user info.
*
* @param associative array with at least thes fields setted :
firstname, lastname, status, email, login, password
* @return mixed new user id - if the new user creation succeeds, false otherwise
* */
function external_add_user($u)
{
//Setting default
if (empty($u['password'])) {
$u['password'] = null;
}
if (empty($u['status'])) {
$u['status'] = 5;
}
if (!isset($u['official_code'])) {
$u['official_code'] = '';
}
if (!isset($u['language'])) {
$u['language'] = '';
}
if (!isset($u['phone'])) {
$u['phone'] = '';
}
if (!isset($u['picture_uri'])) {
$u['picture_uri'] = '';
}
if (!isset($u['auth_source'])) {
$u['auth_source'] = PLATFORM_AUTH_SOURCE;
}
if (!isset($u['expiration_date'])) {
$u['expiration_date'] = '';
}
if (!isset($u['active'])) {
$u['active'] = 1;
}
if (!isset($u['hr_dept_id'])) {
$u['hr_dept_id'] = 0;
} //id of responsible HR
if (!isset($u['extra'])) {
$u['extra'] = null;
}
if (!isset($u['encrypt_method'])) {
$u['encrypt_method'] = '';
}
$chamilo_uid = UserManager::create_user(
$u['firstname'],
$u['lastname'],
$u['status'],
$u['email'],
$u['username'],
$u['password'],
$u['official_code'],
$u['language'],
$u['phone'],
$u['picture_uri'],
$u['auth_source'],
$u['expiration_date'],
$u['active'],
$u['hr_dept_id'],
$u['extra'],
$u['encrypt_method']
);
return $chamilo_uid;
}
/**
* Update the user in chamilo database. It upgrade only info that is present in the
* new_user array.
*
* @param $new_user associative array with the value to upgrade
* WARNING user_id key is MANDATORY
* Possible keys are :
* - firstname
* - lastname
* - username
* - auth_source
* - email
* - status
* - official_code
* - phone
* - picture_uri
* - expiration_date
* - active
* - creator_id
* - hr_dept_id
* - extra : array of custom fields
* - language
* - courses : string of all courses code separated by '|'
* - admin : boolean
*
* @return bool|null
*
* @author ndiechburg <noel@cblue.be>
* */
function external_update_user($new_user)
{
$old_user = api_get_user_info($new_user['user_id']);
$u = array_merge($old_user, $new_user);
$updated = UserManager::update_user(
$u['user_id'],
$u['firstname'],
$u['lastname'],
$u['username'],
null,
$u['auth_source'],
$u['email'],
$u['status'],
$u['official_code'],
$u['phone'],
$u['picture_uri'],
$u['expiration_date'],
$u['active'],
$u['creator_id'],
$u['hr_dept_id'],
$u['extra'],
$u['language'],
''
);
if (isset($u['courses']) && !empty($u['courses'])) {
$autoSubscribe = explode('|', $u['courses']);
foreach ($autoSubscribe as $code) {
if (CourseManager::course_exists($code)) {
CourseManager::subscribe_user($u['user_id'], $code);
}
}
}
// Is User Admin ?
//TODO decomments and check that user_is is not already in admin table
/*
if (isset($u['admin']) && $u['admin']){
$table = Database::get_main_table(TABLE_MAIN_ADMIN);
$res = Database::query("SELECT * from $table WHERE user_id = ".$u['user_id']);
} */
}

407
main/auth/external_login/ldap.inc.php
Unescape View File

@ -1,407 +0,0 @@
<?php
// External login module : LDAP
/**
* This files is included by newUser.ldap.php and login.ldap.php
* It implements the functions nedded by both files.
* */
require_once __DIR__.'/../../inc/global.inc.php';
$debug = false;
/**
* Returns a transcoded and trimmed string.
*
* @param string
*
* @return string
*
* @author ndiechburg <noel@cblue.be>
* */
function extldap_purify_string($string)
{
global $extldap_config;
if (isset($extldap_config['encoding'])) {
return trim(api_to_system_encoding($string, $extldap_config['encoding']));
} else {
return trim($string);
}
}
/**
* Establishes a connection to the LDAP server and sets the protocol version.
*
* @return bool ldap link identifier or false
*
* @author ndiechburg <noel@cblue.be>
* */
function extldap_connect()
{
global $extldap_config, $debug;
if (!is_array($extldap_config['host'])) {
$extldap_config['host'] = [$extldap_config['host']];
}
foreach ($extldap_config['host'] as $host) {
//Trying to connect
if (isset($extldap_config['port'])) {
$ds = ldap_connect($host, $extldap_config['port']);
} else {
$ds = ldap_connect($host);
}
if (!$ds) {
$port = isset($extldap_config['port']) ? $extldap_config['port'] : 389;
if ($debug) {
error_log(
'EXTLDAP ERROR : cannot connect to '.$extldap_config['host'].':'.$port
);
}
} else {
break;
}
}
if (!$ds) {
if ($debug) {
error_log('EXTLDAP ERROR : no valid server found');
}
return false;
}
// Setting protocol version
if (isset($extldap_config['protocol_version'])) {
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $extldap_config['protocol_version'])) {
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 2);
}
}
// Setting protocol version
if (isset($extldap_config['referrals'])) {
if (!ldap_set_option($ds, LDAP_OPT_REFERRALS, $extldap_config['referrals'])) {
ldap_set_option($ds, LDAP_OPT_REFERRALS, $extldap_config['referrals']);
}
}
return $ds;
}
/**
* Authenticate user on external ldap server and return user ldap entry if that succeeds.
*
* @param string $password
*
* @return mixed false if user cannot authenticate on ldap, user ldap entry if tha succeeds
*
* @author ndiechburg <noel@cblue.be>
* Modified by hubert.borderiou@grenet.fr
* Add possibility to get user info from LDAP without check password (if CAS auth and LDAP profil update)
*
* */
function extldap_authenticate($username, $password, $in_auth_with_no_password = false)
{
global $extldap_config, $debug;
if (empty($username) || empty($password)) {
return false;
}
$ds = extldap_connect();
if (!$ds) {
return false;
}
// Connection as admin to search dn of user
$ldapbind = @ldap_bind($ds, $extldap_config['admin_dn'], $extldap_config['admin_password']);
if ($ldapbind === false) {
if ($debug) {
error_log(
'EXTLDAP ERROR : cannot connect with admin login/password'
);
}
return false;
}
$user_search = extldap_get_user_search_string($username);
// Search distinguish name of user
$sr = ldap_search($ds, $extldap_config['base_dn'], $user_search);
if (!$sr) {
if ($debug) {
error_log(
'EXTLDAP ERROR : ldap_search('.$ds.', '.$extldap_config['base_dn'].", $user_search) failed"
);
}
return false;
}
$entries_count = ldap_count_entries($ds, $sr);
if ($entries_count > 1) {
if ($debug) {
error_log(
'EXTLDAP ERROR : more than one entry for that user ( ldap_search(ds, '.$extldap_config['base_dn'].", $user_search) )"
);
}
return false;
}
if ($entries_count < 1) {
if ($debug) {
error_log(
'EXTLDAP ERROR : No entry for that user ( ldap_search(ds, '.$extldap_config['base_dn'].", $user_search) )"
);
}
return false;
}
$users = ldap_get_entries($ds, $sr);
$user = $users[0];
// If we just want to have user info from LDAP and not to check password
if ($in_auth_with_no_password) {
return $user;
}
// now we try to autenthicate the user in the ldap
$ubind = @ldap_bind($ds, $user['dn'], $password);
if ($ubind !== false) {
return $user;
} else {
if ($debug) {
error_log('EXTLDAP : Wrong password for '.$user['dn']);
}
return false;
}
}
/**
* Return an array with userinfo compatible with chamilo using $extldap_user_correspondance
* configuration array declared in ldap.conf.php file.
*
* @param array ldap user
* @param array correspondance array (if not set use extldap_user_correspondance declared in auth.conf.php
*
* @return array userinfo array
*
* @author ndiechburg <noel@cblue.be>
* */
function extldap_get_chamilo_user($ldap_user, $cor = null)
{
global $extldap_user_correspondance, $debug;
if (is_null($cor)) {
$cor = $extldap_user_correspondance;
}
$chamilo_user = [];
foreach ($cor as $chamilo_field => $ldap_field) {
if (is_array($ldap_field)) {
$chamilo_user[$chamilo_field] = extldap_get_chamilo_user($ldap_user, $ldap_field);
continue;
}
switch ($ldap_field) {
case 'func':
$func = "extldap_get_$chamilo_field";
if (function_exists($func)) {
$chamilo_user[$chamilo_field] = extldap_purify_string($func($ldap_user));
} else {
if ($debug) {
error_log(
"EXTLDAP WARNING : You forgot to declare $func"
);
}
}
break;
default:
//if string begins with "!", then this is a constant
if ($ldap_field[0] === '!') {
$chamilo_user[$chamilo_field] = trim($ldap_field, "!\t\n\r\0");
break;
}
if (isset($ldap_user[$ldap_field][0])) {
$chamilo_user[$chamilo_field] = extldap_purify_string($ldap_user[$ldap_field][0]);
} else {
if ($debug) {
error_log(
'EXTLDAP WARNING : '.$ldap_field.'[0] field is not set in ldap array'
);
}
}
break;
}
}
return $chamilo_user;
}
/**
* Please declare here all the function you use in extldap_user_correspondance
* All these functions must have an $ldap_user parameter. This parameter is the
* array returned by the ldap for the user.
* */
function extldap_get_status($ldap_user)
{
return STUDENT;
}
function extldap_get_admin($ldap_user)
{
return false;
}
/**
* return the string used to search a user in ldap.
*
* @param string username
*
* @return string the serach string
*
* @author ndiechburg <noel@cblue.be>
* */
function extldap_get_user_search_string($username)
{
global $extldap_config;
// init
$filter = '('.$extldap_config['user_search'].')';
// replacing %username% by the actual username
$filter = str_replace('%username%', $username, $filter);
// append a global filter if needed
if (isset($extldap_config['filter']) && $extldap_config['filter'] != "") {
$filter = '(&'.$filter.'('.$extldap_config['filter'].'))';
}
return $filter;
}
/**
* Imports all LDAP users into Chamilo.
*
* @return false|null false on error, true otherwise
*/
function extldap_import_all_users()
{
global $extldap_config, $debug;
//echo "Connecting...\n";
$ds = extldap_connect();
if (!$ds) {
return false;
}
//echo "Binding...\n";
$ldapbind = false;
//Connection as admin to search dn of user
$ldapbind = @ldap_bind($ds, $extldap_config['admin_dn'], $extldap_config['admin_password']);
if ($ldapbind === false) {
if ($debug) {
error_log(
'EXTLDAP ERROR : cannot connect with admin login/password'
);
}
return false;
}
//browse ASCII values from a to z to avoid 1000 results limit of LDAP
$count = 0;
$alphanum = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
for ($a = 97; $a <= 122; $a++) {
$alphanum[] = chr($a);
}
foreach ($alphanum as $char1) {
foreach ($alphanum as $char2) {
//$user_search = "uid=*";
$user_search = "sAMAccountName=$char1$char2*";
//Search distinguish name of user
$sr = ldap_search($ds, $extldap_config['base_dn'], $user_search);
if (!$sr) {
if ($debug) {
error_log(
'EXTLDAP ERROR : ldap_search('.$ds.', '.$extldap_config['base_dn'].", $user_search) failed"
);
}
return false;
}
//echo "Getting entries\n";
$users = ldap_get_entries($ds, $sr);
//echo "Entries: ".$users['count']."\n";
for ($key = 0; $key < $users['count']; $key++) {
$user_id = extldap_add_user_by_array($users[$key], true);
$count++;
}
}
}
//echo "Found $count users in total\n";
@ldap_close($ds);
}
/**
* Insert users from an array of user fields.
*/
function extldap_add_user_by_array($data, $update_if_exists = true)
{
global $extldap_user_correspondance;
$lastname = api_convert_encoding($data[$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8');
$firstname = api_convert_encoding($data[$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8');
$email = $data[$extldap_user_correspondance['email']][0];
$username = $data[$extldap_user_correspondance['username']][0];
// TODO the password, if encrypted at the source, will be encrypted twice, which makes it useless. Try to fix that.
$passwordKey = isset($extldap_user_correspondance['password']) ? $extldap_user_correspondance['password'] : 'userPassword';
$password = $data[$passwordKey][0];
// To ease management, we add the step-year (etape-annee) code
//$official_code = $etape."-".$annee;
$official_code = api_convert_encoding($data[$extldap_user_correspondance['official_code']][0], api_get_system_encoding(), 'UTF-8');
$auth_source = 'ldap';
// No expiration date for students (recover from LDAP's shadow expiry)
$expiration_date = '';
$active = 1;
$status = 5;
$phone = '';
$picture_uri = '';
// Adding user
$user_id = 0;
if (UserManager::is_username_available($username)) {
//echo "$username\n";
$user_id = UserManager::create_user(
$firstname,
$lastname,
$status,
$email,
$username,
$password,
$official_code,
api_get_setting('platformLanguage'),
$phone,
$picture_uri,
$auth_source,
$expiration_date,
$active
);
} else {
if ($update_if_exists) {
$user = api_get_user_info($username);
$user_id = $user['user_id'];
//echo "$username\n";
UserManager::update_user(
$user_id,
$firstname,
$lastname,
$username,
null,
null,
$email,
$status,
$official_code,
$phone,
$picture_uri,
$expiration_date,
$active
);
}
}
return $user_id;
}

22
main/auth/external_login/ldap_import_all_users.php
Unescape View File

@ -1,22 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* This script executes the importation of all users in the LDAP repository
* into Chamilo.
*
* @package chamilo.auth.ldap
*/
/**
* Init.
*/
if (PHP_SAPI != 'cli') {
die('For security reasons, this script can only be launched from cron or from the command line');
}
require __DIR__.'/../../inc/global.inc.php';
require __DIR__.'/ldap.inc.php';
require __DIR__.'/../../inc/conf/auth.conf.php';
/**
* Code execution.
*/
extldap_import_all_users();

85
main/auth/external_login/login.ldap.php
Unescape View File

@ -1,85 +0,0 @@
<?php
use ChamiloSession as Session;
// External login module : LDAP
/**
* This file is included in main/inc/local.inc.php at user login if the user have 'external_ldap' in
* his auth_source field instead of platform.
*
* Variables that can be used :
* - $login : string containing the username posted by the user
* - $password : string containing the password posted by the user
* - $uData : associative array with those keys :
* -username
* -password
* -auth_source
* -active
* -expiration_date
*
* If login succeeds, we have 2 choices :
* 1. - set $loginFailed to false,
* - set $_SESSION['_user']['user_id'] with the Chamilo user_id
* - set $uidReset to true
* - upgrade user info in chamilo database if needed
* - let the script local.inc.php continue
*
* 2. - set $_SESSION['_user']['user_id'] with the Chamilo user_id
* - set $_SESSION['_user']['uidReset'] to true
* - upgrade user info in chamilo database if needed
* - redirect to any page and let local.inc.php do the magic
*
* If login fails we have to redirect to index.php with the right message
* Possible messages are :
* - index.php?loginFailed=1&error=access_url_inactive
* - index.php?loginFailed=1&error=account_expired
* - index.php?loginFailed=1&error=account_inactive
* - index.php?loginFailed=1&error=user_password_incorrect
* - index.php?loginFailed=1&error=unrecognize_sso_origin');
*
* */
require_once __DIR__.'/ldap.inc.php';
require_once __DIR__.'/functions.inc.php';
$debug = false;
if ($debug) {
error_log('Entering login.ldap.php');
}
$ldap_user = extldap_authenticate($login, $password);
if ($ldap_user !== false) {
if ($debug) {
error_log('extldap_authenticate works');
}
$chamilo_user = extldap_get_chamilo_user($ldap_user);
//userid is not on the ldap, we have to use $uData variable from local.inc.php
$chamilo_user['user_id'] = $uData['user_id'];
if ($debug) {
error_log("chamilo_user found user_id: {$uData['user_id']}");
}
//U pdate user info
if (isset($extldap_config['update_userinfo']) && $extldap_config['update_userinfo']) {
external_update_user($chamilo_user);
if ($debug) {
error_log("Calling external_update_user");
}
}
$loginFailed = false;
$_user['user_id'] = $chamilo_user['user_id'];
$_user['status'] = (isset($chamilo_user['status']) ? $chamilo_user['status'] : 5);
$_user['uidReset'] = true;
Session::write('_user', $_user);
$uidReset = true;
$logging_in = true;
Event::eventLogin($_user['user_id']);
} else {
if ($debug) {
error_log('extldap_authenticate error');
}
$loginFailed = true;
$uidReset = false;
if (isset($_user) && isset($_user['user_id'])) {
unset($_user['user_id']);
}
}

107
main/auth/external_login/login.ws.php
Unescape View File

@ -1,107 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
use ChamiloSession as Session;
// External login module : WS (for Web Services)
/**
* This file is included in main/inc/local.inc.php at user login if the user
* have 'ws' in his auth_source field instead of 'platform'.
*/
// Configure the web service URL here. e.g. http://174.1.1.19:8020/login.asmx?WSDL
$wsUrl = '';
// include common authentication functions
require_once __DIR__.'/functions.inc.php';
// call the login checker (defined below)
$isValid = loginWSAuthenticate($login, $password, $wsUrl);
// if the authentication was successful, proceed
if ($isValid === 1) {
//error_log('WS authentication worked');
$chamiloUser = api_get_user_info_from_username($login);
$loginFailed = false;
$_user['user_id'] = $chamiloUser['user_id'];
$_user['status'] = (isset($chamiloUser['status']) ? $chamiloUser['status'] : 5);
$_user['uidReset'] = true;
Session::write('_user', $_user);
$uidReset = true;
$logging_in = true;
Event::eventLogin($_user['user_id']);
} else {
//error_log('WS authentication error - user not approved by external WS');
$loginFailed = true;
$uidReset = false;
if (isset($_user) && isset($_user['user_id'])) {
unset($_user['user_id']);
}
}
/**
* Checks whether a user has the right to enter on the platform or not.
*
* @param string The username, as provided in form
* @param string The cleartext password, as provided in form
* @param string The WS URL, as provided at the beginning of this script
*/
function loginWSAuthenticate($username, $password, $wsUrl)
{
// check params
if (empty($username) || empty($password) || empty($wsUrl)) {
return false;
}
// Create new SOAP client instance
$client = new SoapClient($wsUrl);
if (!$client) {
return false;
}
// Include phpseclib methods, because of a bug with AES/CFB in mcrypt
include_once api_get_path(LIBRARY_PATH).'phpseclib/Crypt/AES.php';
// Define all elements necessary to the encryption
$key = '-+*%$({[]})$%*+-';
// Complete password con PKCS7-specific padding
$blockSize = 16;
$padding = $blockSize - (strlen($password) % $blockSize);
$password .= str_repeat(chr($padding), $padding);
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(128);
$cipher->setKey($key);
$cipher->setIV($key);
$cipheredPass = $cipher->encrypt($password);
// Mcrypt call left for documentation purposes - broken, see https://bugs.php.net/bug.php?id=51146
//$cipheredPass = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $password, MCRYPT_MODE_CFB, $key);
// Following lines present for debug purposes only
/*
$arr = preg_split('//', $cipheredPass, -1, PREG_SPLIT_NO_EMPTY);
foreach ($arr as $char) {
error_log(ord($char));
}
*/
// Change to base64 to avoid communication alteration
$passCrypted = base64_encode($cipheredPass);
// The call to the webservice will change depending on your definition
try {
$response = $client->validateUser(
[
'user' => $username,
'pass' => $passCrypted,
'system' => 'chamilo',
]
);
} catch (SoapFault $fault) {
error_log('Caught something');
if ($fault->faultstring != 'Could not connect to host') {
error_log('Not a connection problem');
throw $fault;
} else {
error_log('Could not connect to WS host');
}
return 0;
}
return $response->validateUserResult;
}

71
main/auth/external_login/newUser.ldap.php
Unescape View File

@ -1,71 +0,0 @@
<?php
// External login module : LDAP
/**
* This file is included by main/inc/local.inc.php when extldap is activated, a user try to login
* and chamilo does not find his user
* Variables that can be used :
* - $login : string containing the username posted by the user
* - $password : string containing the password posted by the user.
*
* Please configure the exldap module in main/auth/external_login/ldap.conf.php
*
* If login succeeds, we have to add the user in the chamilo database and then
* we have 2 choices :
* 1. - set $loginFailed to false,
* - set $_SESSION['_user']['user_id'] with the dokeos user_id
* - set $uidReset to true
* - let the script local.inc.php continue
*
* 2. - set $_SESSION['_user']['user_id'] with the dokeos user_id
* - set $_SESSION['_user']['uidReset'] to true
* - upgrade user info in dokeos database if needeed
* - redirect to any page and let local.inc.php do the magic
*
* If login fails we have also 2 choices :
* 1. - unset $_user['user_id']
* - set $loginFailed=true
* - set $uidReset = false
* User wil then have the user password incorrect message
*
* 2. We redirect the user to index.php with appropriate message :
* Possible messages are :
* - index.php?loginFailed=1&error=access_url_inactive
* - index.php?loginFailed=1&error=account_expired
* - index.php?loginFailed=1&error=account_inactive
* - index.php?loginFailed=1&error=user_password_incorrect
* - index.php?loginFailed=1&error=unrecognize_sso_origin');
* */
use ChamiloSession as Session;
require_once __DIR__.'/ldap.inc.php';
require_once __DIR__.'/functions.inc.php';
$ldap_user = extldap_authenticate($login, $password);
if ($ldap_user !== false) {
$chamilo_user = extldap_get_chamilo_user($ldap_user);
//username is not on the ldap, we have to use $login variable
$chamilo_user['username'] = $login;
$chamilo_uid = external_add_user($chamilo_user);
$chamiloUser = api_get_user_entity($chamilo_uid);
if ($chamiloUser) {
$loginFailed = false;
$_user['user_id'] = $chamiloUser->getId();
$_user['status'] = $chamiloUser->getStatus();
$_user['uidReset'] = true;
Session::write('_user', $_user);
$uidReset = true;
// Is user admin?
if ($chamilo_user['admin'] === true) {
$is_platformAdmin = true;
Database::query("INSERT INTO admin values ('{$chamiloUser->getId()}')");
}
Event::eventLogin($chamiloUser->getId());
MessageManager::sendNotificationByRegisteredUser($chamiloUser);
}
} else {
$loginFailed = true;
$uidReset = false;
}

54
main/auth/external_login/newUser.php
Unescape View File

@ -1,54 +0,0 @@
<?php
/*
Template to automatically create a new user with information from anywhere.
This file is loaded by main/inc/local.inc.php
To use it please add this line to main/inc/conf/configuration.php :
$extAuthSource["external_logininfo"]["newUser"] = $_configuration['root_sys']."main/auth/external_logininfo/newUser.php";
You also have to implements the external_get_user_info function in functions.inc.php
*/
use ChamiloSession as Session;
require_once __DIR__.'/functions.inc.php';
//MAIN CODE
//$login and $password variables are setted in main/inc/local.inc.php
if ($password != DEFAULT_PASSWORD) {
$user = false;
} else {
$user = external_get_user_info($login, $password);
}
if ($user !== false && ($chamilo_uid = external_add_user($user)) !== false) {
//log in the user
$loginFailed = false;
$_user['user_id'] = $chamilo_uid;
$_user['uidReset'] = true;
Session::write('_user', $_user);
$uidReset = true;
//Autosubscribe to courses
if (!empty($user['courses'])) {
$autoSubscribe = explode('|', $user['courses']);
foreach ($autoSubscribe as $code) {
if (CourseManager::course_exists($code)) {
CourseManager::subscribe_user($_user['user_id'], $code);
}
}
}
// Is User Admin ?
if ($user['admin']) {
$is_platformAdmin = true;
Database::query("INSERT INTO admin values ('$chamilo_uid')");
}
// Can user create course
$is_allowedCreateCourse = (bool) (($user['status'] == COURSEMANAGER) or (api_get_setting('drhCourseManagerRights') and $user['status'] == SESSIONADMIN));
Event::eventLogin($chamilo_uid);
} else {
$loginFailed = true;
unset($_user['user_id']);
$uidReset = false;
}

41
main/auth/external_login/updateUser.php
Unescape View File

@ -1,41 +0,0 @@
<?php
//Script loaded by local.inc.php providing update user information of type external_logininfo.
/*
This script must not exit.
*/
use ChamiloSession as Session;
require_once __DIR__.'/functions.inc.php';
//MAIN CODE
//$uData variable is set in local.inc.php
$user = api_get_user_info($uData['user_id']);
$new_user = external_get_user_info($login);
$user['firstname'] = $new_user['firstname'];
$user['lastname'] = $new_user['lastname'];
$user['status'] = $new_user['status'];
$user['admin'] = $new_user['admin'];
$user['email'] = $new_user['email'];
$user['username'] = $new_user['username'];
$user['profile_link'] = $new_user['profile_link'];
$user['worldwide_bu'] = $new_user['worldwide_bu'];
$user['manager'] = $new_user['manager'];
$user['country_bu'] = $new_user['country_bu'];
$user['extra'] = $new_user['extra'];
if ($new_user !== false) { //User can login
external_update_user($user);
$loginFailed = false;
$_user['user_id'] = $user['user_id'];
$_user['uidReset'] = true;
$uidReset = true;
Session::write('_user', $_user);
} else {
//User cannot login
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect');
exit;
}

800
main/auth/ldap/authldap.php
Unescape View File

@ -1,800 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* LDAP module functions.
*
* If the application uses LDAP, these functions are used
* for logging in, searching user info, adding this info
* to the Chamilo database...
- function ldap_authentication_check()
- function ldap_find_user_info()
- function ldap_login()
- function ldap_put_user_info_locally()
- ldap_set_version()
known bugs
----------
- (fixed 18 june 2003) code has been internationalized
- (fixed 07/05/2003) fixed some non-relative urls or includes
- (fixed 28/04/2003) we now use global config.inc variables instead of local ones
- (fixed 22/04/2003) the last name of a user was restricted to the first part
- (fixed 11/04/2003) the user was never registered as a course manager
version history
---------------
This historial has been discontinued. Please use the Mercurial logs for more
3.2 - updated to allow for specific term search for teachers identification
3.1 - updated code to use database settings, to respect coding conventions
* as much as possible (camel-case removed) and to allow for non-anonymous login
3.0 - updated to use ldap_var.inc.php instead of ldap_var.inc (deprecated)
(November 2003)
2.9 - further changes for new login procedure
- (busy) translating french functions to english
(October 2003)
2.8 - adapted for new Claroline login procedure
- ldap package now becomes a standard, in auth/ldap
2.7 - uses more standard LDAP field names: mail, sn, givenname (or cn)
instead of mail, preferredsn, preferredgivenname
there are still
- code cleanup
- fixed bug: dc = xx, dc = yy was configured for UGent
and put literally in the code, this is now a variable
in configuration.php ($LDAPbasedn)
with thanks to
- Stefan De Wannemacker (Ghent University)
- Universite Jean Monet (J Dubois / Michel Courbon)
- Michel Panckoucke for reporting and fixing a bug
- Patrick Cool: fixing security hole
* @author Roan Embrechts
*
* @version 3.0
*
* @package chamilo.auth.ldap
* Note:
* If you are using a firewall, you might need to check port 389 is open in
* order for Chamilo to communicate with the LDAP server.
* See http://support.chamilo.org/issues/4675 for details.
*/
/**
* Inclusions.
*/
use ChamiloSession as Session;
/**
* Code.
*/
require_once api_get_path(SYS_CODE_PATH).'auth/external_login/ldap.inc.php';
require 'ldap_var.inc.php';
/**
* Check login and password with LDAP.
*
* @return bool when login & password both OK, false otherwise
*
* @author Roan Embrechts (based on code from Universit<EFBFBD> Jean Monet)
*/
function ldap_login($login, $password)
{
//error_log('Entering ldap_login('.$login.','.$password.')',0);
$res = ldap_authentication_check($login, $password);
// res=-1 -> the user does not exist in the ldap database
// res=1 -> invalid password (user does exist)
if ($res == 1) { //WRONG PASSWORD
//$errorMessage = "LDAP User or password incorrect, try again.<br />";
if (isset($log)) {
unset($log);
}
if (isset($uid)) {
unset($uid);
}
$loginLdapSucces = false;
}
if ($res == -1) { //WRONG USERNAME
//$errorMessage = "LDAP User or password incorrect, try again.<br />";
$login_ldap_success = false;
}
if ($res == 0) { //LOGIN & PASSWORD OK - SUCCES
//$errorMessage = "Successful login w/ LDAP.<br>";
$login_ldap_success = true;
}
//$result = "This is the result: $errorMessage";
$result = $login_ldap_success;
return $result;
}
/**
* Find user info in LDAP.
*
* @return array Array with indexes: "firstname", "name", "email", "employeenumber"
*
* @author Stefan De Wannemacker
* @author Roan Embrechts
*/
function ldap_find_user_info($login)
{
//error_log('Entering ldap_find_user_info('.$login.')',0);
global $ldap_host, $ldap_port, $ldap_basedn, $ldap_rdn, $ldap_pass, $ldap_search_dn;
// basic sequence with LDAP is connect, bind, search,
// interpret search result, close connection
//echo "Connecting ...";
$ldap_connect = ldap_connect($ldap_host, $ldap_port);
ldap_set_version($ldap_connect);
if ($ldap_connect) {
//echo " Connect to LDAP server successful ";
//echo "Binding ...";
$ldap_bind = false;
$ldap_bind_res = ldap_handle_bind($ldap_connect, $ldap_bind);
if ($ldap_bind_res) {
//echo " LDAP bind successful... ";
//echo " Searching for uid... ";
// Search surname entry
//OLD: $sr=ldap_search($ldapconnect,"dc=rug, dc=ac, dc=be", "uid=$login");
//echo "<p> ldapDc = '$LDAPbasedn' </p>";
if (!empty($ldap_search_dn)) {
$sr = ldap_search($ldap_connect, $ldap_search_dn, "uid=$login");
} else {
$sr = ldap_search($ldap_connect, $ldap_basedn, "uid=$login");
}
//echo " Search result is ".$sr;
//echo " Number of entries returned is ".ldap_count_entries($ldapconnect,$sr);
//echo " Getting entries ...";
$info = ldap_get_entries($ldap_connect, $sr);
//echo "Data for ".$info["count"]." items returned:<p>";
} // else could echo "LDAP bind failed...";
//echo "Closing LDAP connection<hr>";
ldap_close($ldap_connect);
} // else could echo "<h3>Unable to connect to LDAP server</h3>";
//DEBUG: $result["firstname"] = "Jan"; $result["name"] = "De Test"; $result["email"] = "email@ugent.be";
$result["firstname"] = $info[0]["cn"][0];
$result["name"] = $info[0]["sn"][0];
$result["email"] = $info[0]["mail"][0];
$tutor_field = api_get_setting('ldap_filled_tutor_field');
$result[$tutor_field] = $info[0][$tutor_field]; //employeenumber by default
return $result;
}
/**
* This function uses the data from ldap_find_user_info()
* to add the userdata to Chamilo
* "firstname", "name", "email", "isEmployee".
*
* @author Roan Embrechts
*/
function ldap_put_user_info_locally($login, $info_array)
{
//error_log('Entering ldap_put_user_info_locally('.$login.',info_array)',0);
global $ldap_pass_placeholder;
global $submitRegistration, $submit, $uname, $email,
$nom, $prenom, $password, $password1, $status;
global $platformLanguage;
global $loginFailed, $uidReset, $_user;
/*----------------------------------------------------------
1. set the necessary variables
------------------------------------------------------------ */
$uname = $login;
$email = $info_array["email"];
$nom = $info_array["name"];
$prenom = $info_array["firstname"];
$password = $ldap_pass_placeholder;
$password1 = $ldap_pass_placeholder;
$official_code = '';
define("STUDENT", 5);
define("COURSEMANAGER", 1);
$tutor_field = api_get_setting('ldap_filled_tutor_field');
$tutor_value = api_get_setting('ldap_filled_tutor_field_value');
if (empty($tutor_field)) {
$status = STUDENT;
} else {
if (empty($tutor_value)) {
//in this case, we are assuming that the admin didn't give a criteria
// so that if the field is not empty, it is a tutor
if (!empty($info_array[$tutor_field])) {
$status = COURSEMANAGER;
} else {
$status = STUDENT;
}
} else {
//the tutor_value is filled, so we need to check the contents of the LDAP field
if (is_array($info_array[$tutor_field]) && in_array($tutor_value, $info_array[$tutor_field])) {
$status = COURSEMANAGER;
} else {
$status = STUDENT;
}
}
}
//$official_code = xxx; //example: choose an attribute
/*----------------------------------------------------------
2. add info to Chamilo
------------------------------------------------------------ */
$language = api_get_setting('platformLanguage');
if (empty($language)) {
$language = 'english';
}
$_userId = UserManager::create_user(
$prenom,
$nom,
$status,
$email,
$uname,
$password,
$official_code,
$language,
'',
'',
'ldap'
);
//echo "new user added to Chamilo, id = $_userId";
//user_id, username, password, auth_source
/*----------------------------------------------------------
3. register session
------------------------------------------------------------ */
$uData['user_id'] = $_userId;
$uData['username'] = $uname;
$uData['auth_source'] = "ldap";
$loginFailed = false;
$uidReset = true;
$_user['user_id'] = $uData['user_id'];
Session::write('_uid', $_user['user_id']);
}
/**
* The code of UGent uses these functions to authenticate.
* function AuthVerifEnseignant ($uname, $passwd)
* function AuthVerifEtudiant ($uname, $passwd)
* function Authentif ($uname, $passwd).
*
* @todo translate the comments and code to english
* @todo let these functions use the variables in config.inc instead of ldap_var.inc
*/
/**
* Checks the existence of a member in LDAP.
*
* @param string username input on keyboard
* @param string password given by user
*
* @return int 0 if authentication succeeded, 1 if password was incorrect, -1 if it didn't belong to LDAP
*/
function ldap_authentication_check($uname, $passwd)
{
//error_log('Entering ldap_authentication_check('.$uname.','.$passwd.')',0);
global $ldap_host, $ldap_port, $ldap_basedn, $ldap_host2, $ldap_port2, $ldap_rdn, $ldap_pass;
//error_log('Entering ldap_authentication_check('.$uname.','.$passwd.')',0);
// Establish anonymous connection with LDAP server
// Etablissement de la connexion anonyme avec le serveur LDAP
$ds = ldap_connect($ldap_host, $ldap_port);
ldap_set_version($ds);
$test_bind = false;
$test_bind_res = ldap_handle_bind($ds, $test_bind);
//if problem, use the replica
if ($test_bind_res === false) {
$ds = ldap_connect($ldap_host2, $ldap_port2);
ldap_set_version($ds);
} // else: error_log('Connected to server '.$ldap_host);
if ($ds !== false) {
//Creation of filter containing values input by the user
// Here it might be necessary to use $filter="(samaccountName=$uname)"; - see http://support.chamilo.org/issues/4675
$filter = "(uid=$uname)";
// Open anonymous LDAP connection
$result = false;
$ldap_bind_res = ldap_handle_bind($ds, $result);
// Executing the search with the $filter parametr
//error_log('Searching for '.$filter.' on LDAP server',0);
$sr = ldap_search($ds, $ldap_basedn, $filter);
$info = ldap_get_entries($ds, $sr);
$dn = ($info[0]["dn"]);
// debug !! echo"<br> dn = $dn<br> pass = $passwd<br>";
// closing 1st connection
ldap_close($ds);
}
// test the Distinguish Name from the 1st connection
if ($dn == "") {
return -1; // doesn't belong to the addressbook
}
//bug ldap.. if password empty, return 1!
if ($passwd == "") {
return 1;
}
// Opening 2nd LDAP connection : Connection user for password check
$ds = ldap_connect($ldap_host, $ldap_port);
ldap_set_version($ds);
if (!$test_bind) {
$ds = ldap_connect($ldap_host2, $ldap_port2);
ldap_set_version($ds);
}
// return in case of wrong password connection error
if (@ldap_bind($ds, $dn, $passwd) === false) {
return 1; // invalid password
} else {// connection successfull
return 0;
}
} // end of check
/**
* Set the protocol version with version from config file (enables LDAP version 3).
*
* @param resource resource LDAP connexion resource, passed by reference
*/
function ldap_set_version(&$resource)
{
//error_log('Entering ldap_set_version(&$resource)',0);
global $ldap_version;
if ($ldap_version > 2) {
ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
//ok - don't do anything
//failure - should switch back to version 2 by default
}
}
/**
* Handle bind (whether authenticated or not).
*
* @param resource The LDAP handler to which we are connecting (by reference)
* @param resource The LDAP bind handler we will be modifying
* @param bool $ldap_bind
*
* @return bool Status of the bind assignment. True for success, false for failure.
*/
function ldap_handle_bind(&$ldap_handler, &$ldap_bind)
{
//error_log('Entering ldap_handle_bind(&$ldap_handler,&$ldap_bind)',0);
global $ldap_rdn, $ldap_pass, $extldap_config;
$ldap_rdn = $extldap_config['admin_dn'];
$ldap_pass = $extldap_config['admin_password'];
if (!empty($ldap_rdn) and !empty($ldap_pass)) {
//error_log('Trying authenticated login :'.$ldap_rdn.'/'.$ldap_pass,0);
$ldap_bind = ldap_bind($ldap_handler, $ldap_rdn, $ldap_pass);
if (!$ldap_bind) {
//error_log('Authenticated login failed',0);
//try in anonymous mode, you never know...
$ldap_bind = ldap_bind($ldap_handler);
}
} else {
// this is an "anonymous" bind, typically read-only access:
$ldap_bind = ldap_bind($ldap_handler);
}
if (!$ldap_bind) {
return false;
} else {
//error_log('Login finally OK',0);
return true;
}
}
/**
* Get the total number of users on the platform.
*
* @see SortableTable#get_total_number_of_items()
*
* @author Mustapha Alouani
*/
function ldap_get_users()
{
global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass, $ldap_search_dn, $extldap_user_correspondance;
$keyword_firstname = isset($_GET['keyword_firstname']) ? trim(Database::escape_string($_GET['keyword_firstname'])) : '';
$keyword_lastname = isset($_GET['keyword_lastname']) ? trim(Database::escape_string($_GET['keyword_lastname'])) : '';
$keyword_username = isset($_GET['keyword_username']) ? trim(Database::escape_string($_GET['keyword_username'])) : '';
$keyword_type = isset($_GET['keyword_type']) ? Database::escape_string($_GET['keyword_type']) : '';
$ldap_query = [];
if ($keyword_username != "") {
$ldap_query[] = str_replace('%username%', $keyword_username, $ldap_search_dn);
} else {
if ($keyword_lastname != "") {
$ldap_query[] = "(".$extldap_user_correspondance['lastname']."=".$keyword_lastname."*)";
}
if ($keyword_firstname != "") {
$ldap_query[] = "(".$extldap_user_correspondance['firstname']."=".$keyword_firstname."*)";
}
}
if ($keyword_type != "" && $keyword_type != "all") {
$ldap_query[] = "(employeeType=".$keyword_type.")";
}
if (count($ldap_query) > 1) {
$str_query = "(& ";
foreach ($ldap_query as $query) {
$str_query .= " $query";
}
$str_query .= " )";
} else {
$str_query = count($ldap_query) > 0 ? $ldap_query[0] : null;
}
$ds = ldap_connect($ldap_host, $ldap_port);
ldap_set_version($ds);
if ($ds && count($ldap_query) > 0) {
$r = false;
$res = ldap_handle_bind($ds, $r);
//$sr = ldap_search($ds, "ou=test-ou,$ldap_basedn", $str_query);
$sr = ldap_search($ds, $ldap_basedn, $str_query);
//echo "Le nombre de resultats est : ".ldap_count_entries($ds,$sr)."<p>";
$info = ldap_get_entries($ds, $sr);
return $info;
} else {
if (count($ldap_query) != 0) {
echo Display::return_message(get_lang('LDAPConnectionError'), 'error');
}
return [];
}
}
/**
* Get the total number of users on the platform.
*
* @see SortableTable#get_total_number_of_items()
*
* @author Mustapha Alouani
*/
function ldap_get_number_of_users()
{
$info = ldap_get_users();
if (count($info) > 0) {
return $info['count'];
} else {
return 0;
}
}
/**
* Get the users to display on the current page.
*
* @see SortableTable#get_table_data($from)
*
* @author Mustapha Alouani
*/
function ldap_get_user_data($from, $number_of_items, $column, $direction)
{
global $extldap_user_correspondance;
$users = [];
$is_western_name_order = api_is_western_name_order();
if (isset($_GET['submit'])) {
$info = ldap_get_users();
if ($info['count'] > 0) {
for ($key = 0; $key < $info["count"]; $key++) {
$user = [];
// Get uid from dn
//YW: this might be a variation between LDAP 2 and LDAP 3, but in LDAP 3, the uid is in
//the corresponding index of the array
//$dn_array=ldap_explode_dn($info[$key]["dn"],1);
//$user[] = $dn_array[0]; // uid is first key
//$user[] = $dn_array[0]; // uid is first key
$user[] = $info[$key][$extldap_user_correspondance['username']][0];
$user[] = $info[$key][$extldap_user_correspondance['username']][0];
if ($is_western_name_order) {
$user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8');
$user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8');
} else {
$user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8');
$user[] = api_convert_encoding($info[$key][$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8');
}
$user[] = $info[$key]['mail'][0];
$user[] = $info[$key][$extldap_user_correspondance['username']][0];
$users[] = $user;
}
} else {
echo Display::return_message(get_lang('NoUser'), 'error');
}
}
return $users;
}
/**
* Build the modify-column of the table.
*
* @param int $user_id The user id
* @param string $url_params
*
* @return string Some HTML-code with modify-buttons
*
* @author Mustapha Alouani
*/
function modify_filter($user_id, $url_params, $row)
{
$query_string = "id[]=".$row[0];
if (!empty($_GET['id_session'])) {
$query_string .= '&amp;id_session='.Security::remove_XSS($_GET['id_session']);
}
$icon = '';
if (UserManager::is_username_available($user_id)) {
$icon = 'invitation_friend.png';
} else {
$icon = 'reload.png';
}
//$url_params_id="id=".$row[0];
$result = '<a href="ldap_users_list.php?action=add_user&amp;user_id='.$user_id.'&amp;'.$query_string.'&amp;sec_token='.Security::getTokenFromSession().'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, api_get_system_encoding()))."'".')) return false;">'.Display::return_icon($icon, get_lang('AddUsers')).'</a>';
return $result;
}
/**
* Adds a user to the Chamilo database or updates its data.
*
* @param string username (and uid inside LDAP)
*
* @author Mustapha Alouani
*/
function ldap_add_user($login)
{
if ($ldap_user = extldap_authenticate($login, 'nopass', true)) {
return extldap_add_user_by_array($ldap_user);
}
}
function ldap_add_user_by_array($data, $update_if_exists = true)
{
$lastname = api_convert_encoding($data['sn'][0], api_get_system_encoding(), 'UTF-8');
$firstname = api_convert_encoding($data['cn'][0], api_get_system_encoding(), 'UTF-8');
$email = $data['mail'][0];
// Get uid from dn
$dn_array = ldap_explode_dn($data['dn'], 1);
$username = $dn_array[0]; // uid is first key
$outab[] = $data['edupersonprimaryaffiliation'][0]; // Here, "student"
//$val = ldap_get_values_len($ds, $entry, "userPassword");
//$val = ldap_get_values_len($ds, $data, "userPassword");
//$password = $val[0];
// TODO the password, if encrypted at the source, will be encrypted twice, which makes it useless. Try to fix that.
$password = $data['userPassword'][0];
$structure = $data['edupersonprimaryorgunitdn'][0];
$array_structure = explode(",", $structure);
$array_val = explode("=", $array_structure[0]);
$etape = $array_val[1];
$array_val = explode("=", $array_structure[1]);
$annee = $array_val[1];
// To ease management, we add the step-year (etape-annee) code
$official_code = $etape."-".$annee;
$auth_source = 'ldap';
// No expiration date for students (recover from LDAP's shadow expiry)
$expiration_date = '';
$active = 1;
if (empty($status)) {
$status = 5;
}
if (empty($phone)) {
$phone = '';
}
if (empty($picture_uri)) {
$picture_uri = '';
}
// Adding user
$user_id = 0;
if (UserManager::is_username_available($username)) {
$user_id = UserManager::create_user(
$firstname,
$lastname,
$status,
$email,
$username,
$password,
$official_code,
api_get_setting('platformLanguage'),
$phone,
$picture_uri,
$auth_source,
$expiration_date,
$active
);
} else {
if ($update_if_exists) {
$user = api_get_user_info($username);
$user_id = $user['user_id'];
UserManager::update_user(
$user_id,
$firstname,
$lastname,
$username,
null,
null,
$email,
$status,
$official_code,
$phone,
$picture_uri,
$expiration_date,
$active
);
}
}
return $user_id;
}
/**
* Adds a list of users to one session.
*
* @param array Array of user ids
* @param string Course code
*/
function ldap_add_user_to_session($UserList, $id_session)
{
// Database Table Definitions
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$tbl_session_rel_class = Database::get_main_table(TABLE_MAIN_SESSION_CLASS);
$tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
$tbl_session_rel_course_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
$tbl_class = Database::get_main_table(TABLE_MAIN_CLASS);
$tbl_class_user = Database::get_main_table(TABLE_MAIN_CLASS_USER);
$id_session = (int) $id_session;
// Once users are imported in the users base, we can assign them to the session
$result = Database::query("SELECT c_id FROM $tbl_session_rel_course WHERE session_id ='$id_session'");
$CourseList = [];
while ($row = Database::fetch_array($result)) {
$CourseList[] = $row['c_id'];
}
foreach ($CourseList as $enreg_course) {
foreach ($UserList as $enreg_user) {
$enreg_user = (int) $enreg_user;
Database::query("INSERT IGNORE ".
" INTO $tbl_session_rel_course_rel_user ".
"(session_id,c_id,user_id) VALUES ".
"('$id_session','$enreg_course','$enreg_user')");
}
$sql = "SELECT COUNT(user_id) as nbUsers ".
" FROM $tbl_session_rel_course_rel_user ".
" WHERE session_id='$id_session' ".
" AND c_id='$enreg_course'";
$rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs);
Database::query("UPDATE $tbl_session_rel_course ".
" SET nbr_users=$nbr_users ".
" WHERE session_id='$id_session' ".
" AND c_id='$enreg_course'");
}
foreach ($UserList as $enreg_user) {
$enreg_user = (int) $enreg_user;
Database::query("INSERT IGNORE INTO $tbl_session_rel_user ".
" (session_id, user_id, registered_at) ".
" VALUES('$id_session','$enreg_user', '".api_get_utc_datetime()."')");
}
// We update the number of users in the session
$sql = "SELECT COUNT(user_id) as nbUsers FROM $tbl_session_rel_user ".
" WHERE session_id='$id_session' ".
" AND relation_type<>".SESSION_RELATION_TYPE_RRHH." ";
$rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs);
Database::query("UPDATE $tbl_session SET nbr_users=$nbr_users ".
" WHERE id='$id_session'");
}
/**
* Synchronize users from the configured LDAP connection (in auth.conf.php). If
* configured to disable old users,.
*
* @param bool $disableOldUsers Whether to disable users who have disappeared from LDAP (true) or just leave them be (default: false)
* @param bool $deleteStudents Go one step further and delete completely students missing from LDAP
* @param bool $deleteTeachers Go even one step further and also delete completely teachers missing from LDAP
*
* @return int Total number of users added (not counting possible removals)
*/
function syncro_users(
$disableOldUsers = false,
$deleteStudents = false,
$deleteTeachers = false
) {
global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass, $ldap_search_dn, $debug;
$i = 0;
if ($debug) {
error_log('Connecting... ('.__FUNCTION__.')');
}
$ldapConnect = ldap_connect($ldap_host, $ldap_port);
ldap_set_version($ldapConnect);
if ($ldapConnect) {
if ($debug) {
error_log('Connected to LDAP server successfully! Binding... ('.__FUNCTION__.')');
}
$ldapBind = false;
$ldapBindRes = ldap_handle_bind($ldapConnect, $ldapBind);
if ($ldapBindRes) {
if ($debug) {
error_log('Bind successful! Searching for uid in LDAP DC: '.$ldap_search_dn);
}
$allUserQuery = "uid=*";
if (!empty($ldap_search_dn)) {
$sr = ldap_search($ldapConnect, $ldap_search_dn, $allUserQuery);
} else {
//OLD: $sr=ldap_search($ldapconnect,"dc=rug, dc=ac, dc=be", "uid=$login");
$sr = ldap_search($ldapConnect, $ldap_basedn, $allUserQuery);
}
if ($debug) {
error_log('Entries returned: '.ldap_count_entries($ldapConnect, $sr));
}
$info = ldap_get_entries($ldapConnect, $sr);
for ($key = 0; $key < $info['count']; $key++) {
$user_id = ldap_add_user_by_array($info[$key], false);
if ($user_id) {
if ($debug) {
error_log('User #'.$user_id.' created from LDAP');
}
$i++;
} else {
if ($debug) {
error_log('User '.$info[$key]['sn'][0].' ('.$info[$key]['mail'][0].') could not be created');
}
}
}
if ($disableOldUsers === true) {
if ($debug) {
error_log('Disable mode selected in '.__FUNCTION__);
if ($deleteStudents) {
error_log('...with complete deletion of users if disabled');
}
}
// Get a big array of all user IDs, usernames only if they are
// registered as auth_source = 'ldap'
// This array will take about 60 bytes per user in memory, so
// having 100K users should only take a few (6?) MB and will
// highly reduce the number of DB queries
$usersDBShortList = [];
$usersLDAPShortList = [];
$sql = "SELECT id, username, status FROM user WHERE auth_source = 'ldap' ORDER BY username";
$res = Database::query($sql);
if ($res !== false) {
// First build a list of users present in LDAP
for ($key = 0; $key < $info['count']; $key++) {
$dn_array = ldap_explode_dn($info[$key]['dn'], 1);
$usersLDAPShortList[$dn_array[0]] = 1;
}
// Go through all 'extldap' users. For any that cannot
// be found in the LDAP list, disable
while ($row = Database::fetch_assoc($res)) {
$usersDBShortList[$row['username']] = $row['id'];
// If any of those users is NOT in LDAP, disable or remove
if (empty($usersLDAPShortList[$row['username']])) {
if ($deleteStudents === true && $row['status'] == 5) {
UserManager::delete_user($usersDBShortList[$row['username']]);
if ($debug) {
error_log('Student '.$row['username'].' removed from Chamilo');
}
} elseif ($deleteTeachers === true && $row['status'] == 1) {
UserManager::delete_user($usersDBShortList[$row['username']]);
if ($debug) {
error_log('Teacher '.$row['username'].' removed from Chamilo');
}
} else {
UserManager::disable($usersDBShortList[$row['username']]);
if ($debug) {
error_log('User '.$row['username'].' disabled in Chamilo');
}
}
}
}
}
}
if ($debug) {
error_log('Data for '.$info['count'].' items processed');
}
//echo "Data for ".$info["count"]." items returned:<p>";
} else {
error_log('Could not bind to LDAP server');
}
ldap_close($ldapConnect);
} else {
error_log('Could not connect to LDAP server');
}
error_log('Ended execution of function '.__FUNCTION__);
}

6
main/auth/ldap/index.html
Unescape View File

@ -1,6 +0,0 @@
<html>
<head>
</head>
<body>
</body>
</html>

47
main/auth/ldap/ldap_var.inc.php
Unescape View File

@ -1,47 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* LDAP settings
* In the older code, there was a distinction between
* the teacher and student LDAP server. Later I decided not
* to make this distinction. However, it could be built in
* in the future but then perhaps in a more general way.
*
* Originally, Thomas and I agreed to store all settings in one file
* (configuration.php) to make it easier for claroline admins to make changes.
* Since October 2003, this changed: the include directory has been
* changed to be called "inc", and all tools should have their own file(s).
*
* This file "ldap_var.inc.php" was already used by the
* older french authentification functions. I have moved the new
* variables from the configuration.php to here as well.
*
* @author Roan Embrechts
*
* @package chamilo.auth.ldap
*/
/**
* Configuration settings.
*/
// your ldap server
$ldap_host = $extldap_config['host'][0];
// your ldap server's port number
$ldap_port = @$extldap_config['port'] ?: null;
//domain
$ldap_basedn = $extldap_config['base_dn'];
//search term for students
$ldap_search_dn = $extldap_config['user_search'];
//additional server params for use of replica in case of problems
$ldap_host2 = count($extldap_config['host']) > 1 ? $extldap_config['host'][1] : null;
$ldap_port2 = $extldap_config['port'];
//protocol version - set to 3 for LDAP 3
$ldap_version = $extldap_config['protocol_version'];
//non-anonymous LDAP mode
$ldap_rdn = $extldap_config['admin_dn'];
$ldap_pass = $extldap_config['admin_password'];
$ldap_pass_placeholder = "PLACEHOLDER";

44
main/auth/ldap/login.php
Unescape View File

@ -1,44 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
use ChamiloSession as Session;
/**
* Users trying to login, who already exist in the Chamilo database
* and have ldap as authentication type get verified here.
*
* @author Roan Embrechts
*
* @package chamilo.auth.ldap
*/
/**
* An external authentification module needs to set
* - $loginFailed
* - $uidReset
* - $_user['user_id']
* - register the $_user['user_id'] in the session.
*
* As the LDAP code shows, this is not as difficult as you might think.
* LDAP authentification module
* this calls the loginWithLdap function
* from the LDAP library, and sets a few
* variables based on the result.
*/
//require_once('../../inc/global.inc.php'); - this script should be loaded by the /index.php script anyway, so global is already loaded
require_once 'authldap.php';
$loginLdapSucces = ldap_login($login, $password);
if ($loginLdapSucces) {
$loginFailed = false;
$uidReset = true;
$_user['user_id'] = $uData['user_id'];
Session::write('_uid', $_uid);
// Jand: copied from event_login in events.lib.php to enable login statistics:
Event::eventLogin($uData['user_id']);
} else {
$loginFailed = true;
unset($_user['user_id']);
$uidReset = false;
}

36
main/auth/ldap/newUser.php
Unescape View File

@ -1,36 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Users trying to login, who do not yet exist in the Chamilo database,
* can be added by this script which tries to retrieve ldap information
* about them.
*
* @author Roan Embrechts
*
* @package chamilo.auth.ldap
*/
/**
* when a user does not exist yet in dokeos,
* but he or she does exist in the LDAP,
* we add him to the dokeos database.
*/
//require_once('../../inc/global.inc.php'); - this script should be loaded by the /index.php script anyway, so global is already loaded
require_once 'authldap.php';
$ldap_login_success = ldap_login($login, $password);
if ($ldap_login_success) {
//error_log('Found user '.$login.' on LDAP server',0);
/*
In here, we know that
- the user does not exist in dokeos
- the users login and password are correct
*/
$info_array = ldap_find_user_info($login);
ldap_put_user_info_locally($login, $info_array);
} else {
//error_log('Could not find '.$login.' on LDAP server',0);
$loginFailed = true;
unset($_user['user_id']);
$uidReset = false;
}

6
main/auth/ldap/syncro_users.php
Unescape View File

@ -1,6 +0,0 @@
<?php
require_once '../../inc/global.inc.php';
require_once 'authldap.php';
syncro_users();

10
main/auth/shibboleth/_readme.txt
Unescape View File

@ -1,10 +0,0 @@
Shibboleth authentication module.
@license see /license.txt
@author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
To use install Shibboleth on your web server and secure the application url
with a web server security directive.
Modify configuration to your federation's needs.

158
main/auth/shibboleth/app/controller/shibboleth_controller.class.php
Unescape View File

@ -1,158 +0,0 @@
<?php
namespace Shibboleth;
use \Redirect;
use \Display;
use IndexManager;
/**
* Controller for the Shibboleth authentication system.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethController
{
/**
*
* @return ShibbolethController
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
/**
* Log user in with Shibboleth authentication
*/
function login()
{
if (Shibboleth::session()->is_logged_in())
{
Redirect::home();
}
$user = Shibboleth::store()->get_user();
if ($user->is_empty())
{
$message = get_lang('SystemCouldNotLogYouIn');
Shibboleth::display()->error_page($message);
}
$is_new_user = !User::store()->shibboleth_id_exists($user->unique_id);
if ($is_new_user && empty($user->email) && Shibboleth::config()->is_email_mandatory)
{
$form = ShibbolethEmailForm::instance();
if ($email = $form->get_email())
{
$user->email = $email;
}
else
{
$content = $form->display();
Shibboleth::display()->page($content);
}
}
Shibboleth::save($user);
$chamilo_user = User::store()->get_by_shibboleth_id($user->unique_id);
Shibboleth::session()->login($chamilo_user->user_id);
if ($is_new_user && $user->status_request)
{
Shibboleth::redirect('/main/auth/shibboleth/app/view/request.php');
}
else
{
Shibboleth::redirect();
}
}
/**
* Log user in using the standard Chamilo way of logging in.
* Useful when the normal login screen is removed from the user interface
* - replaced by Shibboleth login - and user want to login using a standard
* account
*/
public function admin_login()
{
$title = get_lang('InternalLogin');
if (Shibboleth::session()->is_logged_in())
{
$message = get_lang('AlreadyLoggedIn');
Shibboleth::display()->message_page($message, $title);
}
$index_manager = new IndexManager('');
$html = $index_manager->display_login_form();
Shibboleth::display()->page($html, $title);
}
/**
* Display the request new status page to administrator for new users.
*/
public function request_status()
{
/*
* That may happen if a user visit that url again.
*/
if (!Shibboleth::session()->is_logged_in())
{
Shibboleth::redirect();
}
$user = Shibboleth::session()->user();
if ($user['status'] == Shibboleth::TEACHER_STATUS)
{
//Maximum user right is reached.
Shibboleth::redirect();
}
$form = ShibbolethStatusRequestForm::instance();
if ($form->cancelled())
{
Shibboleth::redirect();
}
if ($reason = $form->get_reason())
{
$subject = get_lang('RequestStatus');
$status = $form->get_status();
$status = Shibboleth::format_status($status);
$message = <<<EOT
New status: $status
Reason:
$reason
EOT;
$success = Shibboleth::email_admin($subject, $message);
if ($success)
{
$request_submitted = get_lang('RequestSubmitted');
Shibboleth::display()->message_page($request_submitted);
}
else
{
$request_failed = get_lang('RequestFailed');
Shibboleth::display()->error_page($request_failed);
}
}
$title = get_lang('RequestStatus');
Display :: display_header($title);
echo $form->display();
Display :: display_footer();
}
}

44
main/auth/shibboleth/app/model/admin.class.php
Unescape View File

@ -1,44 +0,0 @@
<?php
namespace Shibboleth;
require_once __DIR__.'/scaffold/admin.class.php';
/**
* A Chamilo admin. Model for the Admin table.
*
* Should be moved to the core. It only exists because it is not available through
* the API.
*
* The _Admin objet is generated by the scaffolder. Admin inherits from it to allow
* modifications without touching the generated file. Don't modify _Admin as
* it may change in the future. Instead add modifications to this class.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Admin extends _Admin
{
}
/**
* Store for Admin objects. Interact with the database. Allows to save and retrieve
* admin objects.
*
* Should be moved to the core. It only exists because it is not available through
* the API.
*
* The _AdminStore objet is generated by the scaffolder. This class inherits from it to allow
* modifications without touching the generated file. Don't modify the _ object as
* it may change in the future. Instead add modifications to this class.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class AdminStore extends _AdminStore
{
}

134
main/auth/shibboleth/app/model/scaffold/admin.class.php
Unescape View File

@ -1,134 +0,0 @@
<?php
namespace Shibboleth;
/**
* This file is autogenerated. Do not modifiy it.
*/
/**
*
* Model for table admin
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class _Admin
{
/**
* Store for Admin objects. Interact with the database.
*
* @return AdminStore
*/
public static function store()
{
static $result = false;
if (empty($result))
{
$result = new AdminStore();
}
return $result;
}
/**
*
* @return Admin
*/
public static function create($data = null)
{
return self::store()->create_object($data);
}
public $user_id = null;
/**
*
* @return bool
*/
public function save()
{
return self::store()->save($this);
}
}
/**
* Store for Admin objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class _AdminStore extends Store
{
/**
*
* @return AdminStore
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function __construct()
{
parent::__construct('admin', '\Shibboleth\Admin', 'user_id');
}
/**
*
* @return Admin
*/
public function get($w)
{
$args = func_get_args();
$f = array('parent', 'get');
return call_user_func_array($f, $args);
}
/**
*
* @return Admin
*/
public function create_object($data)
{
return parent::create_object($data);
}
/**
*
* @return Admin
*/
public function get_by_user_id($value)
{
return $this->get(array('user_id' => $value));
}
/**
*
* @return bool
*/
public function user_id_exists($value)
{
return $this->exist(array('user_id' => $value));
}
/**
*
* @return bool
*/
public function delete_by_user_id($value)
{
return $this->delete(array('user_id' => $value));
}
}

185
main/auth/shibboleth/app/model/scaffold/user.class.php
Unescape View File

@ -1,185 +0,0 @@
<?php
namespace Shibboleth;
/**
* This file is autogenerated. Do not modifiy it.
*/
/**
*
* Model for table user
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class _User
{
/**
* Store for User objects. Interact with the database.
*
* @return UserStore
*/
public static function store()
{
static $result = false;
if (empty($result))
{
$result = new UserStore();
}
return $result;
}
/**
*
* @return User
*/
public static function create($data = null)
{
return self::store()->create_object($data);
}
public $user_id = null;
public $lastname = null;
public $firstname = null;
public $username = null;
public $password = null;
public $auth_source = null;
public $shibb_unique_id = null;
public $email = null;
public $status = null;
public $official_code = null;
public $phone = null;
public $picture_uri = null;
public $creator_id = null;
public $competences = null;
public $diplomas = null;
public $openarea = null;
public $teach = null;
public $productions = null;
public $language = null;
public $registration_date = null;
public $expiration_date = null;
public $active = null;
public $openid = null;
public $theme = null;
public $hr_dept_id = null;
public $shibb_persistent_id = null;
/**
*
* @return bool
*/
public function save()
{
return self::store()->save($this);
}
}
/**
* Store for User objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class _UserStore extends Store
{
/**
*
* @return UserStore
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function __construct()
{
parent::__construct('user', '\Shibboleth\User', 'user_id');
}
/**
*
* @return User
*/
public function get($w)
{
$args = func_get_args();
$f = array('parent', 'get');
return call_user_func_array($f, $args);
}
/**
*
* @return User
*/
public function create_object($data)
{
return parent::create_object($data);
}
/**
*
* @return User
*/
public function get_by_user_id($value)
{
return $this->get(array('user_id' => $value));
}
/**
*
* @return bool
*/
public function user_id_exists($value)
{
return $this->exist(array('user_id' => $value));
}
/**
*
* @return bool
*/
public function delete_by_user_id($value)
{
return $this->delete(array('user_id' => $value));
}
/**
*
* @return User
*/
public function get_by_username($value)
{
return $this->get(array('username' => $value));
}
/**
*
* @return bool
*/
public function username_exists($value)
{
return $this->exist(array('username' => $value));
}
/**
*
* @return bool
*/
public function delete_by_username($value)
{
return $this->delete(array('username' => $value));
}
}

197
main/auth/shibboleth/app/model/shibboleth_store.class.php
Unescape View File

@ -1,197 +0,0 @@
<?php
namespace Shibboleth;
/**
* Returns Shibboleth user's values based on Shibboleth's configuration.
* Shibboleth returns not only whether a user is authenticated but returns as
* well several paralemeter fields.
*
* If a user is not authenticated nothing is returned.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethStore
{
/**
*
* @return ShibbolethStore
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
/**
*
* @return ShibbolethConfig
*/
public static function config()
{
return Shibboleth::config();
}
public function get_unique_id()
{
return $this->get(__FUNCTION__);
}
/**
* If the user has more than one surname, it is possible depending of the user
* home organization that they are all given to the resource.
* In the case of the University of Geneva, with two surnames, three different values
* for the surname are sent. They are:
* 1) "givenname1"
* 2) "givenname2"
* 3) "givenname1 givenname2"
* meaning the string is as follow: "givenname1;givenname2;givenname1 givenname2"
*
* In such a case, the correct surname is the one which is followed by a space.
* This function tests if such a situation is encountered, and returns the first given name.
*
* @author Nicolas Rod
*/
public function get_firstname()
{
$result = $this->get(__FUNCTION__);
if (!is_array($result))
{
$result = ucfirst($result);
return $result;
}
foreach ($result as $name)
{
$parts = explode(' ', $name);
if (count($parts) > 1)
{
$result = reset($parts);
$result = ucfirst($result);
return $result;
}
}
$result = reset($result);
$result = ucfirst($result);
return $result;
}
public function get_lastname()
{
$result = $this->get(__FUNCTION__);
$result = ucfirst($result);
return $result;
}
public function get_email()
{
return $this->get(__FUNCTION__);
}
public function get_language()
{
return $this->get(__FUNCTION__);
}
public function get_gender()
{
return $this->get(__FUNCTION__);
}
public function get_address()
{
return $this->get(__FUNCTION__);
}
public function get_staff_category()
{
return $this->get(__FUNCTION__);
}
public function get_home_organization_type()
{
return $this->get(__FUNCTION__);
}
public function get_home_organization()
{
return $this->get(__FUNCTION__);
}
public function get_affiliation()
{
return $this->get(__FUNCTION__);
}
/**
* @return ShibbolethUser
*/
public function get_user()
{
$result = new ShibbolethUser();
foreach ($result as $key => $val)
{
$f = array($this, "get_$key");
if (is_callable($f))
{
$result->{$key} = call_user_func($f);
}
}
return $result;
}
/**
* Returns the shibboleth value stored in $_SERVER if it exists or $default if it is not the case.
*
* @param string $name the generic name. I.e. one of the class const.
* @param string $default default value if it is not provided by Shibboleth
* @return string
*/
public function get($name = '', $default = '')
{
$config = (array) Shibboleth::config();
if ($name)
{
$name = str_replace('get_', '', $name);
$shib_name = isset($config[$name]) ? $config[$name] : '';
if ($shib_name)
{
$result = isset($_SERVER[$shib_name]) ? $_SERVER[$shib_name] : $default;
$result = explode(';', $result);
if (empty($result))
{
$result = $default;
}
else if (count($result) == 1)
{
$result = reset($result);
}
else
{
$result = $result;
}
return $result;
}
}
$result = array();
foreach ($config as $key => $val)
{
$f = array($this, "get_$key");
if (is_callable($f))
{
$result[$key] = call_user_func($f);
}
}
return $result;
}
}

33
main/auth/shibboleth/app/model/shibboleth_user.class.php
Unescape View File

@ -1,33 +0,0 @@
<?php
namespace Shibboleth;
/**
* Represent a Shibboleth user. Not to be missunderstand with a Chamilo user
* since they don't have the same attributes.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethUser
{
public $unique_id = '';
public $firstname = '';
public $lastname = '';
public $email = '';
public $language = '';
public $gender = '';
public $address = '';
public $staff_category = '';
public $home_organization_type = '';
public $home_organization = '';
public $affiliation = '';
public $persistent_id = '';
public function is_empty()
{
return empty($this->unique_id);
}
}

95
main/auth/shibboleth/app/model/user.class.php
Unescape View File

@ -1,95 +0,0 @@
<?php
namespace Shibboleth;
require_once __DIR__.'/scaffold/user.class.php';
/**
* A Chamilo user. Model for the User table.
*
* Should be moved to the core. It only exists because it is not available through
* the API.
*
* The _User objet is generated by the scaffolder. User inherits from it to allow
* modifications without touching the generated file. Don't modify _User as
* it may change in the future. Instead add modifications to this class.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class User extends _User
{
}
/**
* Store for User objects. Interact with the database. Allows to save and retrieve
* user objects.
*
* Should be moved to the core. It only exists because it is not available through
* the API.
*
* The _UserStore objet is generated by the scaffolder. This class inherits from it to allow
* modifications without touching the generated file. Don't modify the _ object as
* it may change in the future. Instead add modifications to this class.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class UserStore extends _UserStore
{
function __construct()
{
parent::__construct();
ShibbolethUpgrade::update();
}
/**
*
* @param string $id
* @return User
*/
public function get_by_shibboleth_id($id)
{
return $this->get(array('shibb_unique_id' => $id));
}
/**
* @param string $id
*/
public function shibboleth_id_exists($id)
{
return $this->exist(array('shibb_unique_id' => $id));
}
/**
*
* @param User $object
*/
protected function before_save($object)
{
$object->username = $object->username ? $object->username : $this->generate_username();
$object->password = $object->password ? $object->password : api_generate_password();
$object->language = $object->language ? $object->language : $this->default_language();
}
function default_language()
{
return api_get_setting('platformLanguage');
}
function generate_username()
{
$result = uniqid('s', true);
$result = str_replace('.', '', $result);
while ($this->username_exists($result))
{
$result = uniqid('s', true);
$result = str_replace('.', '', $result);
}
return $result;
}
}

266
main/auth/shibboleth/app/shibboleth.class.php
Unescape View File

@ -1,266 +0,0 @@
<?php
namespace Shibboleth;
use \Redirect;
/**
* Shibboleth main class. Provides access to various Shibboleth sub components and
* provides the high level functionalities.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Shibboleth
{
const NAME = 'shibboleth';
const UNKNOWN_STATUS = -1;
const TEACHER_STATUS = 1;
const STUDENT_STATUS = 5;
static $config = null;
public static function format_status($status)
{
if ($status == Shibboleth::TEACHER_STATUS) {
return 'Teacher';
} else if ($status == Shibboleth::STUDENT_STATUS) {
return 'Student';
} else if ($status == Shibboleth::UNKNOWN_STATUS) {
return 'Unknown';
} else {
return '???';
}
}
/**
*
* @return ShibbolethConfig
*/
public static function config()
{
self::$config = self::$config ? self::$config : new ShibbolethConfig();
return self::$config;
}
public static function set_config($config)
{
self::$config = $config;
}
/**
*
* @return ShibbolethSession
*/
public static function session()
{
return ShibbolethSession::instance();
}
/**
*
* @return ShibbolethStore
*/
public static function store()
{
return ShibbolethStore::instance();
}
/**
*
* @return ShibbolethDisplay
*/
public static function display()
{
return ShibbolethDisplay::instance();
}
public static function sys_path()
{
$path = __DIR__.'/../';
return $path;
}
public static function url($path = '')
{
$result = api_get_path('WEB_PATH');
$result .= '/main/auth/shibboleth/' . $path;
return $result;
}
public static function redirect($url = '')
{
if (empty($url)) {
$url = isset($_SESSION['shibb_direct_url']) ? $_SESSION['shibb_direct_url'] : '';
unset($_SESSION['shibb_direct_url']);
/*
* Tests if the user tried to login directly in a protected course before to come here
* (this variable could be set in the modified code of /chamilo/inc/lib/main_api.lib.php)
*
* Note:
* this part was added to give the possibility to access Chamilo directly on a course URL from a link diplayed in a portal.
* This is not a direct Shibboleth related functionnality, but this could be used in a shibbolethized
* Dokeos installation, mainly if you have a SSO system in your network.
* Please note that the file /claroline/inc/lib/main_api.lib.php must be adapted to your Shibboleth settings
* If any interest or question, please contact Nicolas.Rod_at_adm.unige.ch
*
*/
}
if ($url) {
//needed to log the user in his courses. Normally it is done by visiting /chamilo/index.php
// $include_path = api_get_path(INCLUDE_PATH);
// require("$include_path/local.inc.php");
//
// if (strpos($url, '?') === false) {
// $url = "$url?";
// }
//
// $rootWeb = api_get_path('WEB_PATH');
// $first_slash_pos = strpos($rootWeb, '/', 8);
// $rootWeb_wo_uri = substr($rootWeb, 0, $first_slash_pos);
// $url = $rootWeb_wo_uri . $course_url . '_stop';
Redirect::go($url);
}
Redirect::home();
}
/**
*
* @param ShibbolethUser $shibb_user
*/
public static function save($shibb_user)
{
$shibb_user->status = self::infer_user_status($shibb_user);
$shibb_user->status_request = self::infer_status_request($shibb_user);
$shibb_user->shibb_unique_id = $shibb_user->unique_id;
$shibb_user->shibb_persistent_id = $shibb_user->persistent_id;
$user = User::store()->get_by_shibboleth_id($shibb_user->unique_id);
if (empty($user)) {
$shibb_user->auth_source == self::NAME;
return User::create($shibb_user)->save();
}
$shibb_user->status_request = false;
$fields = self::config()->update_fields;
foreach ($fields as $key => $updatable) {
if ($updatable) {
$user->{$key} = $shibb_user->{$key};
}
}
$user->auth_source == self::NAME;
$user->shibb_unique_id = $shibb_user->shibb_unique_id;
$user->shibb_persistent_id = $shibb_user->shibb_persistent_id;
$user->save();
return $result;
}
/**
* Infer the rights/status the user can have in Chamilo based on his affiliation attribute
*
* @param ShibbolethUser $user
* @return The Chamilo user status, one of TEACHER, STUDENT or UNKNOWN
*/
public static function infer_user_status($user)
{
$affiliations = $user->affiliation;
$affiliations = is_array($affiliations) ? $affiliations : array($affiliations);
$map = self::config()->affiliation_status;
$rights = array();
foreach ($affiliations as $affiliation) {
$affiliation = strtolower($affiliation);
if (isset($map[$affiliation])) {
$right = $map[$affiliation];
$rights[$right] = $right;
}
}
$teacher_status = isset($rights[self::TEACHER_STATUS]);
$student_status = isset($rights[self::STUDENT_STATUS]);
//if the user has got teacher rights, we doesn't check anything else
if ($teacher_status) {
return self::TEACHER_STATUS;
}
if ($student_status) {
return self::STUDENT_STATUS;
}
$result = self::config()->default_status;
$result = (int) $result;
$result = ($result == Shibboleth::TEACHER_STATUS || $result == Shibboleth::STUDENT_STATUS) ? $result : Shibboleth::UNKNOWN_STATUS;
return $result;
}
/**
* Return true if the user can ask for a greater status than student.
* This happens for staff members.
*
* @param ShibbolethUser $user
* @return boolean
*/
public static function infer_status_request($user)
{
if ($user->status == self::TEACHER_STATUS) {
return false;
}
if ($user->status == self::UNKNOWN_STATUS) {
return true;
}
$config = Shibboleth::config();
$affiliations = $user->affiliation;
$affiliations = is_array($affiliations) ? $affiliations : array($affiliations);
foreach ($affiliations as $affiliation) {
$result = isset($config->affiliation_status_request[$affiliation]) ? $config->affiliation_status_request[$affiliation] : false;
if ($result) {
return true;
}
}
return false;
}
/**
* Sends an email to the Chamilo and Shibboleth administrators in the name
* of the logged-in user.
*
* @param string $subject
*/
public static function email_admin($subject, $message)
{
$user = Shibboleth::session()->user();
$firstname = $user['firstname'];
$lastname = $user['lastname'];
$email = $user['email'];
$status = $user['status'];
$status = self::format_status($status);
$signagure = <<<EOT
_________________________
$firstname $lastname
$email
$status
EOT;
$message .= $signagure;
$header = "From: $email \n";
$shibb_admin_email = Shibboleth::config()->admnistrator_email;
if ($shibb_admin_email) {
$header .= "Cc: $shibb_admin_email";
}
$administrator_email = api_get_setting('emailAdministrator');
$result = mail($administrator_email, $subject, $message);
return (bool) $result;
}
}

18
main/auth/shibboleth/app/view/admin_login.php
Unescape View File

@ -1,18 +0,0 @@
<?php
namespace Shibboleth;
/**
* Administratrive login. Useful when the standard login is not available anymore
* which is usually the case.
*
* This page allow administrators to log into the application using the standard
* Chamilo method when Shibboleth is not available.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
$dir = __DIR__;
include_once "$dir/../../init.php";
ShibbolethController::instance()->admin_login();

20
main/auth/shibboleth/app/view/request.php
Unescape View File

@ -1,20 +0,0 @@
<?php
namespace Shibboleth;
/**
* Display the Request another status/additional rights. The request is emailed
* to the shibboleth and platform administrators for processing.
*
* Users such as staff that can be either student or teachers are presented with
* this page upon first login.
*
* Other users - teachers, students - are directly logged-in.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
$dir = __DIR__;
include_once "$dir/../../init.php";
ShibbolethController::instance()->request_status();

66
main/auth/shibboleth/app/view/shibboleth_display.class.php
Unescape View File

@ -1,66 +0,0 @@
<?php
namespace Shibboleth;
use \Display;
/**
* Utility display functions tailored for the Shibboleth pluging.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethDisplay
{
/**
*
* @return ShibbolethDisplay
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
/**
* @param string $message
*/
public function error_page($message)
{
$page_title = get_lang('ShibbolethLogin');
Display :: display_header($page_title);
echo Display::return_message($message, 'error');
Display :: display_footer();
die;
}
/**
* @param string $message
*/
public function message_page($message, $title = '')
{
$title = $title ? $title : get_lang('ShibbolethLogin');
Display::display_header($title);
echo Display::return_message($message, 'confirm');
Display::display_footer();
die;
}
public function page($content, $title = '')
{
$title = $title ? $title : get_lang('ShibbolethLogin');
Display :: display_header($title);
echo $content;
Display :: display_footer();
die;
}
}

51
main/auth/shibboleth/app/view/shibboleth_email_form.class.php
Unescape View File

@ -1,51 +0,0 @@
<?php
namespace Shibboleth;
/**
* Enter email form. When the email is mandatory and the Shibboleth email user field
* is empty the system display this form and ask the user to provide an email.
*
* @todo: add email validation
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethEmailForm
{
/**
*
* @return ShibbolethEmailForm
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
function display()
{
$email = get_lang('Email');
$submit = get_lang('Submit');
return <<<EOT
<form id="email_form" action="" method="post">
<label for="">$email</label>
<input type="text" value="" tabindex="1" name="email" id="email_email" class=""><br/>
<input type="submit" value="$submit" tabindex="2" name="submit" id="email_submit" class="submit">
</form>
EOT;
}
function get_email()
{
return isset($_POST['email']) ? $_POST['email'] : '';
}
}

97
main/auth/shibboleth/app/view/shibboleth_status_request_form.class.php
Unescape View File

@ -1,97 +0,0 @@
<?php
namespace Shibboleth;
use Display;
/**
* Status request form. Display a form allowing the user to request additional
* rights/ another status.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethStatusRequestForm
{
/**
*
* @return ShibbolethStatusRequestForm
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
function display()
{
if ($this->is_submitted() && $this->get_reason() == '')
{
$reason_is_mandatory = get_lang('ReasonIsMandatory');
echo Display::return_message($reason_is_mandatory, 'error');
}
$status_request_message = get_lang('StatusRequestMessage');
$label_new_status = get_lang('NewStatus');
$label_reason = get_lang('Reason');
$label_ok = get_lang('Ok');
$label_cancel = get_lang('Cancel');
$user = Shibboleth::session()->user();
$items = array();
if ($user['status'] == Shibboleth::UNKNOWN_STATUS)
{
$items[Shibboleth::STUDENT_STATUS] = get_lang('Student');
}
$items[Shibboleth::TEACHER_STATUS] = get_lang('Teacher');
$status_options = '';
foreach ($items as $key => $value)
{
$status_options.= "<option value=\"$key\">$value</option>";
}
return <<<EOT
<div id="askAccountText">
<p>$status_request_message</p>
</div>
<form method="post" action="request.php" id="status_request_form">
<input type="hidden" name="formPosted" value="true"/>
<label for="status">$label_new_status:</label>
<select name="status">
$status_options
</select>
<label for="reason">$label_reason:</label>
<textarea name="reason" style="min-width:400px; min-height:100px;"></textarea>
<p><input name="submit" type="submit" value="$label_ok" style="margin-right:10px;"/><input name="cancel" type="submit" value="$label_cancel" /></p>
</form>
EOT;
}
public function is_submitted()
{
return isset($_POST['submit']) ? $_POST['submit'] : false;
}
public function cancelled()
{
return isset($_POST['cancel']) ? $_POST['cancel'] : false;
}
function get_reason()
{
return isset($_POST['reason']) ? $_POST['reason'] : '';
}
function get_status()
{
return isset($_POST['status']) ? $_POST['status'] : '';
}
}

16
main/auth/shibboleth/config-dist.php
Unescape View File

@ -1,16 +0,0 @@
<?php
namespace Shibboleth;
/**
* Example of a config.php file. Not used. Configuration must appear in
* config.php.
*
* By default set up the aai configuration.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
require_once __DIR__.'/config/aai.class.php';
Shibboleth::set_config(aai::config());

69
main/auth/shibboleth/config/aai.class.php
Unescape View File

@ -1,69 +0,0 @@
<?php
namespace Shibboleth;
/**
* Shibboleth configuration for the AAI federation.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class aai
{
/**
*
* @return ShibbolethConfig
*/
public static function config()
{
$result = new ShibbolethConfig();
$result->unique_id = 'Shib-SwissEP-UniqueID';
$result->firstname = 'Shib-InetOrgPerson-givenName';
$result->lastname = 'Shib-Person-surname';
$result->email = 'Shib-InetOrgPerson-mail';
$result->language = 'Shib-InetOrgPerson-preferredLanguage';
$result->gender = 'Shib-SwissEP-Gender';
$result->address = 'Shib-OrgPerson-postalAddress';
$result->staff_category = 'Shib-SwissEP-StaffCategory';
$result->home_organization_type = 'Shib-SwissEP-HomeOrganizationType';
$result->home_organization = 'Shib-SwissEP-HomeOrganization';
$result->affiliation = 'Shib-EP-Affiliation';
$result->persistent_id = 'persistent-id';
$result->default_status = Shibboleth::STUDENT_STATUS;
$result->affiliation_status = array(
'faculty' => Shibboleth::TEACHER_STATUS,
'member' => Shibboleth::STUDENT_STATUS,
'staff' => Shibboleth::STUDENT_STATUS,
'student' => Shibboleth::STUDENT_STATUS,
);
$result->update_fields = array(
'firstname' => true,
'lastname' => true,
'email' => true,
'status' => false,
'persistent_id' => true,
);
/*
* Persistent id should never change but it was introduced after unique id.
* So we update persistent id on login for those users who are still missing it.
*/
$result->is_email_mandatory = true;
$result->affiliation_status_request = array(
'faculty' => false,
'member' => false,
'staff' => true,
'student' => false,
);
$result->admnistrator_email = '';
return $result;
}
}

85
main/auth/shibboleth/db/shibboleth_upgrade.class.php
Unescape View File

@ -1,85 +0,0 @@
<?php
namespace Shibboleth;
use \Database;
/**
* Migrate the datatabase. Adds needed fields by Shibboleth to the User table.
* Upgrade is checked at each user login so there is no need to manually run
* an upgrade.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethUpgrade
{
/**
* Create additional fields required by the shibboleth plugin if those
* are missing.
*/
public static function update()
{
static $done = false;
if ($done)
{
return false;
}
$done = true;
self::create_shibb_unique_id_field_if_missing();
self::create_shibb_persistent_id_field_if_missing();
}
/**
* Creates the 'shibb_unique_id' field in the table 'user' of the main Chamilo database if it doesn't exist yet
*
* @author Nicolas Rod
* @return false|null
*/
public static function create_shibb_unique_id_field_if_missing()
{
$db_name = Database :: get_main_database();
$sql = "SELECT * FROM `$db_name`.`user` LIMIT 1";
$result = Database::query($sql);
$row = mysql_fetch_assoc($result);
$exists = array_key_exists('shibb_unique_id', $row);
if ($exists)
{
return false;
}
//create the 'shibb_unique_id' field
$sql = "ALTER TABLE `$db_name`.`user` ADD `shibb_unique_id` VARCHAR( 60 ) AFTER `auth_source`";
$result_alter = Database::query($sql);
/*
* Index cannot be a UNIQUE index as it may exist users which don't log in through Shibboleth
* and therefore don't have any value for 'shibb_unique_id'
*/
$sql = "ALTER TABLE `$db_name`.`user` ADD INDEX ( `shibb_unique_id` )";
$result_alter = Database::query($sql);
}
public static function create_shibb_persistent_id_field_if_missing()
{
$db_name = Database :: get_main_database();
$sql = "SELECT * FROM $db_name.user LIMIT 1";
$result = Database::query($sql);
$row = mysql_fetch_assoc($result);
$exists = array_key_exists('shibb_persistent_id', $row);
if ($exists)
{
return false;
}
$sql = "ALTER table $db_name.user ADD COLUMN shibb_persistent_id varchar(255) NULL DEFAULT NULL;";
$result = Database::query($sql);
return (bool) $result;
}
}

8
main/auth/shibboleth/index.php
Unescape View File

@ -1,8 +0,0 @@
<?php
/**
* Display nothing. This ensure Apache doesn't display the list of files and folders
* when it is not propertly configured.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/

23
main/auth/shibboleth/init.php
Unescape View File

@ -1,23 +0,0 @@
<?php
namespace Shibboleth;
/**
* Initialize the Shibboleth authentication system. All scripts that can be directly
* called must include this file
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
$__dir = __DIR__.'/';
$no_redirection = true; //no redirection in global.
include_once($__dir . '/../../inc/global.inc.php');
require_once $__dir . 'config.php';
if (api_get_setting('server_type') == 'test')
{
include_once $__dir . '/test/shibboleth_test_helper.class.php';
include_once $__dir . '/test/shibboleth_test.class.php';
}

14
main/auth/shibboleth/lib/model.class.php
Unescape View File

@ -1,14 +0,0 @@
<?php
namespace Shibboleth;
/**
* Description of model
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Model
{
}

64
main/auth/shibboleth/lib/scaffolder/scaffolder.class.php
Unescape View File

@ -1,64 +0,0 @@
<?php
namespace Shibboleth;
/**
* Scaffolder. Genereate code templates from the database layout.
* See /template/ for the code being generated
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Scaffolder
{
/**
*
* @staticvar boolean $result
* @return Scaffolder
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function scaffold($table_name, $class_name = '', $prefix = '_')
{
$db_name = Database :: get_main_database();
$sql = "SELECT * FROM `$db_name`.`$table_name` LIMIT 1";
$fields = array();
$unique_fields = array();
$rs = Database::query($sql, null, __FILE__);
while ($field = mysql_fetch_field($rs))
{
$fields[] = $field;
if ($field->primary_key)
{
/**
* Could move that to an array to support multiple keys
*/
$id_name = $field->name;
}
if ($field->unique_key | $field->primary_key)
{
$keys[] = $field->name;
}
}
$name = $table_name;
$class_name = ucfirst($table_name);
ob_start();
include __DIR__.'/template/model.php';
$result = ob_get_clean();
return $result;
}
}

146
main/auth/shibboleth/lib/scaffolder/template/default.php
Unescape View File

@ -1,146 +0,0 @@
<?php
/**
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
echo '<?php';
?>
namespace Shibboleth;
/**
* This file is autogenerated. Do not modifiy it.
*/
/**
*
* Model for table <?php echo $table_name ?>
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $prefix . $class_name ?>
{
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @return <?php echo $class_name ?>Store
*/
public static function store()
{
static $result = false;
if (empty($result))
{
$result = new <?php echo $class_name ?>Store();
}
return $result;
}
/**
*
* @return <?php echo $class_name ?>
*/
public static function create($data = null)
{
return self::store()->create_object($data);
}
<?php foreach($fields as $field){?>
public $<?php echo $field->name; ?> = <?php echo $field->def ? $field->def : 'null'; ?>;
<?php }?>
/**
*
* @return bool
*/
public function save()
{
return self::store()->save($this);
}
}
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $prefix . $class_name ?>Store extends Store
{
/**
*
* @return <?php echo $class_name ?>Store
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function __construct()
{
parent::__construct('<?php echo $table_name;?>', '<?php echo $class_name;?>', '<?php echo $id_name;?>');
}
/**
*
* @return <?php echo $class_name ?>
*/
public function get($w)
{
$args = func_get_args();
$f = array('parent', 'get');
return call_user_func_array($f, $args);
}
/**
*
* @return <?php echo $class_name ?>
*/
public function create_object($data)
{
return parent::create_object($data);
}
<?php foreach($keys as $key){?>
/**
*
* @return <?php echo $class_name ?>
*/
public function get_by_<?php echo $key ?>($value)
{
return $this->get(array('<?php echo $key; ?>' => $value));
}
/**
*
* @return bool
*/
public function <?php echo $key ?>_exists($value)
{
return $this->exist(array('<?php echo $key; ?>' => $value));
}
/**
*
* @return bool
*/
public function delete_by_<?php echo $key ?>($value)
{
return $this->delete(array('<?php echo $key; ?>' => $value));
}
<?php }?>
}

146
main/auth/shibboleth/lib/scaffolder/template/model.php
Unescape View File

@ -1,146 +0,0 @@
<?php
/**
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
echo '<?php';
?>
namespace Shibboleth;
/**
* This file is autogenerated. Do not modifiy it.
*/
/**
*
* Model for table <?php echo $table_name ?>
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $prefix . $class_name ?>
{
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @return <?php echo $class_name ?>Store
*/
public static function store()
{
static $result = false;
if (empty($result))
{
$result = new <?php echo $class_name ?>Store();
}
return $result;
}
/**
*
* @return <?php echo $class_name ?>
*/
public static function create($data = null)
{
return self::store()->create_object($data);
}
<?php foreach($fields as $field){?>
public $<?php echo $field->name; ?> = <?php echo $field->def ? $field->def : 'null'; ?>;
<?php }?>
/**
*
* @return bool
*/
public function save()
{
return self::store()->save($this);
}
}
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $prefix . $class_name ?>Store extends Store
{
/**
*
* @return <?php echo $class_name ?>Store
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function __construct()
{
parent::__construct('<?php echo $table_name;?>', '<?php echo $class_name;?>', '<?php echo $id_name;?>');
}
/**
*
* @return <?php echo $class_name ?>
*/
public function get($w)
{
$args = func_get_args();
$f = array('parent', 'get');
return call_user_func_array($f, $args);
}
/**
*
* @return <?php echo $class_name ?>
*/
public function create_object($data)
{
return parent::create_object($data);
}
<?php foreach($keys as $key){?>
/**
*
* @return <?php echo $class_name ?>
*/
public function get_by_<?php echo $key ?>($value)
{
return $this->get(array('<?php echo $key; ?>' => $value));
}
/**
*
* @return bool
*/
public function <?php echo $key ?>_exists($value)
{
return $this->exist(array('<?php echo $key; ?>' => $value));
}
/**
*
* @return bool
*/
public function delete_by_<?php echo $key ?>($value)
{
return $this->delete(array('<?php echo $key; ?>' => $value));
}
<?php }?>
}

39
main/auth/shibboleth/lib/scaffolder/template/public.php
Unescape View File

@ -1,39 +0,0 @@
<?php
/**
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
echo '<?php';
?>
namespace Shibboleth;
/**
*
* Model for table <?php echo $table_name ?>
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $class_name ?>
{
}
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $class_name ?>Store extends Store
{
}

61
main/auth/shibboleth/lib/shibboleth_config.class.php
Unescape View File

@ -1,61 +0,0 @@
<?php
namespace Shibboleth;
/**
* Shibboleth configuration. All configuration for the Shibboleth authentication
* plugin: field names mapping, etc.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethConfig
{
public $unique_id = '';
public $firstname = '';
public $lastname = '';
public $email = '';
public $language = '';
public $gender = '';
public $address = '';
public $staff_category = '';
public $home_organization_type = '';
public $home_organization = '';
public $affiliation = '';
public $persistent_id = '';
public $default_status = Shibboleth::UNKNOWN_STATUS;
/**
* Mapping of affiliation => right
* @var array
*/
public $affiliation_status = array();
/**
* Mapping of affiliation => bool. Display the request status form.
* @var array
*/
public $affiliation_status_request = array();
/**
* List of fields to update when the user already exists field_name => boolean.
* @var array
*/
public $update_fields = array();
/*
* True if email is mandatory. False otherwise.
*/
public $is_email_mandatory = true;
/**
* The email of the shibboleth administrator.
*
* @var string
*/
public $admnistrator_email = '';
}

100
main/auth/shibboleth/lib/shibboleth_session.class.php
Unescape View File

@ -1,100 +0,0 @@
<?php
namespace Shibboleth;
use ChamiloSession as Session;
use Database;
use Event;
/**
* A Chamilo user session. Used as there is no session object so far provided by the core API.
* Should be moved to the core library.Prefixed by Shibboleth to avoid name clashes.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethSession
{
/**
* @return ShibbolethSession
*/
public static function instance()
{
static $result = false;
if (empty($result)) {
$result = new self();
}
return $result;
}
function is_logged_in()
{
return isset($_SESSION['_user']['user_id']);
}
function user()
{
return $_SESSION['_user'];
}
function logout()
{
$_SESSION['_user'] = array();
online_logout(null, false);
global $logoutInfo;
Event::courseLogout($logoutInfo);
}
/**
* Create a Shibboleth session for the user ID
*
* @param string $uid The user ID
* @return array $_user The user infos array created when the user logs in
*/
function login($uid)
{
/* This must be set for local.inc.php to register correctly the global variables in session
* This is BAD. Logic should be migrated into a function and stop relying on global variables.
*/
global $_uid, $is_allowedCreateCourse, $is_platformAdmin, $_real_cid, $is_courseAdmin;
global $is_courseMember, $is_courseTutor, $is_session_general_coach, $is_allowed_in_course, $is_sessionAdmin, $_gid;
$_uid = $uid;
//is_allowedCreateCourse
$user = User::store()->get_by_user_id($uid);
if (empty($user)) {
return;
}
$this->logout();
Session::instance();
Session::write('_uid', $_uid);
global $_user;
$_user = (array) $user;
$_SESSION['_user'] = $_user;
$_SESSION['_user']['user_id'] = $_uid;
$_SESSION['noredirection'] = true;
//must be called before 'init_local.inc.php'
Event::eventLogin($_uid);
//used in 'init_local.inc.php' this is BAD but and should be changed
$loginFailed = false;
$uidReset = true;
$gidReset = true;
$cidReset = false; //FALSE !!
$mainDbName = Database :: get_main_database();
$includePath = api_get_path(SYS_INC_PATH);
$no_redirection = true;
require("$includePath/local.inc.php");
return $_user;
}
}

357
main/auth/shibboleth/lib/store.class.php
Unescape View File

@ -1,357 +0,0 @@
<?php
namespace Shibboleth;
use \Database;
/**
* A database store. Used interact with the database - save objects, run queries.
*
* One store = one table.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Store
{
/**
*
* @return Store
*/
public static function create($table_name, $class_name = '', $id_name = 'id', $db_name = '')
{
return new self($table_name, $class_name, $id_name, $db_name);
}
protected $db_name = '';
protected $table_name = '';
protected $id_name = '';
protected $class_name = '';
function __construct($table_name, $class_name = '', $id_name = 'id', $db_name = '')
{
$this->db_name = $db_name ? $db_name : Database::get_main_database();
$this->table_name = $table_name;
$this->class_name = $class_name;
$this->id_name = $id_name;
}
function get_db_name($object = '')
{
if ($this->db_name)
{
return $this->db_name;
}
if ($object)
{
$result = isset($object->{db_name}) ? $object->{db_name} : '';
$result = $result ? $result : Database :: get_main_database();
return $result;
}
return Database::get_main_database();
}
function get($w)
{
$args = func_get_args();
$f = array($this, 'get_where');
$db_name = $this->get_db_name();
$where = call_user_func_array($f, $args);
$sql = "SELECT *
FROM `{$db_name}`.`{$this->table_name}`
WHERE $where";
$items = $this->query($sql);
return (count($items) == 1) ? reset($items) : null;
}
function select($w)
{
$args = func_get_args();
$f = array($this, 'get_where');
$db_name = $this->get_db_name();
$where = call_user_func_array($f, $args);
$sql = "SELECT *
FROM `{$db_name}`.`{$this->table_name}`
WHERE $where";
$result = $this->query($sql);
return $result;
}
function exist($w)
{
$args = func_get_args();
$f = array($this, 'get');
$object = call_user_func_array($f, $args);
return !empty($object);
}
function is_new($object)
{
$id_name = $this->id_name;
$id = isset($object->{$id_name}) ? $object->{$id_name} : false;
return empty($id);
}
function save($object)
{
if (empty($object))
{
return false;
}
$object = is_array($object) ? $this->create_object($object) : $object;
$this->before_save($object);
if ($this->is_new($object))
{
$result = $this->insert($object);
}
else
{
$result = $this->update($object);
}
return $result;
}
function delete($object)
{
$args = func_get_args();
$f = array($this, 'get_where');
$db_name = $this->get_db_name();
$where = call_user_func_array($f, $args);
$sql = "DELETE
FROM `{$db_name
}
`.`{$this->table_name
}
`
WHERE $where";
$result = $this->query($sql);
return $result;
}
/**
*
* @param array|object $data
* @return object
*/
public function create_object($data = array())
{
$data = $data ? $data : array();
$data = (object) $data;
$class = $this->class_name;
if (empty($class))
{
return clone $data;
}
$result = new $class();
foreach ($result as $key => $value)
{
$result->{$key} = property_exists($data, $key) ? $data->{$key} : null;
}
return $result;
}
public function fields($object)
{
static $result = array();
if (!empty($result))
{
return $result;
}
$db_name = $this->get_db_name($object);
$sql = "SELECT *
FROM `{$db_name}`.`{$this->table_name}`
LIMIT 1";
$rs = Database::query($sql, null, __FILE__);
while ($field = mysql_fetch_field($rs))
{
$result[] = $field;
}
return $result;
}
protected function before_save($object)
{
//hook
}
protected function update($object)
{
$id = isset($object->{$this->id_name}) ? $object->{$this->id_name} : false;
if (empty($id))
{
return false;
}
$items = array();
$fields = $this->fields($object);
foreach ($fields as $field)
{
$name = $field->name;
if ($name != $this->id_name)
{
if (property_exists($object, $name))
{
$value = $object->{$name};
$value = $this->format_value($value);
$items[] = "$name=$value";
}
}
}
$db_name = $this->get_db_name($object);
$sql = "UPDATE `{$db_name}`.`{$this->table_name}` SET ";
$sql .= join(', ', $items);
$sql .= " WHERE {$this->id_name}=$id";
$result = $this->execute($sql);
if ($result)
{
$object->{db_name} = $db_name;
}
return (bool) $result;
}
protected function insert($object)
{
$id = isset($object->{$this->id_name}) ? $object->{$this->id_name} : false;
if (empty($object))
{
return false;
}
$values = array();
$keys = array();
$fields = $this->fields($object);
foreach ($fields as $field)
{
$name = $field->name;
if ($name != $this->id_name)
{
if (property_exists($object, $name))
{
$value = $object->{$name};
$value = is_null($value) ? 'DEFAULT' : $this->format_value($value);
$values[] = $value;
$keys[] = $name;
}
}
}
$db_name = $this->get_db_name($object);
$sql = "INSERT INTO `{$db_name}`.`{$this->table_name}` ";
$sql .= ' (' . join(', ', $keys) . ') ';
$sql .= 'VALUES';
$sql .= ' (' . join(', ', $values) . ') ';
$result = $this->execute($sql);
if ($result)
{
$id = mysql_insert_id();
$object->{$this->id_name} = $id;
$object->{db_name} = $db_name;
return $id;
}
else
{
return false;
}
}
protected function get_where($_)
{
$args = func_get_args();
if (count($args) == 1)
{
$arg = reset($args);
if (is_numeric($arg))
{
$id = (int) $arg;
if (empty($id))
{
return '';
}
$args = array($this->pk_name, $arg);
}
else if (is_string($arg))
{
return $arg;
}
else if (is_array($arg))
{
$args = $arg;
}
else
{
return $arg;
}
}
$items = array();
foreach ($args as $key => $val)
{
$items[] = $key . ' = ' . $this->format_value($val);
}
return implode(' AND ', $items);
}
protected function format_value($value)
{
if (is_null($value))
{
return 'NULL';
}
if (is_bool($var))
{
return $value ? '1' : '0';
}
else if (is_numeric($value))
{
return empty($value) ? '0' : $value;
}
else if (is_string($value))
{
$value = mysql_escape_string($value);
return "'$value'";
}
else
{
return $value;
}
}
/**
*
* @param string $sql
* @return array
*/
protected function query($sql)
{
$resource = Database::query($sql, null, __FILE__);
if ($resource == false)
{
return array();
}
$result = array();
while ($data = mysql_fetch_assoc($resource))
{
$result[] = $this->create_object($data);
}
return $result;
}
/**
* @param string $sql
*/
protected function execute($sql)
{
return Database::query($sql, null, __FILE__);
}
}

35
main/auth/shibboleth/login.php
Unescape View File

@ -1,35 +0,0 @@
<?php
namespace Shibboleth;
/**
* Shibboleth login page.
*
* Actual authentication is provided by the Shibboleth Apache security module.
* Shibboleth must be properly installed and configured. Then this page must
* be secured through an Apache security directive.
*
* When Shibboleth is properly set up this page will only be available for
* authenticated users. The plugin ensure those people are created and logged in.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
include_once __DIR__.'/init.php';
/*
==============================================================================
TEST SECTION
==============================================================================
*
* @todo: Only for testing. Comment that out for production
*
*/
//Shibboleth::session()->logout();
//ShibbolethTest::helper()->setup_new_student_no_email();
//ShibbolethTest::helper()->setup_staff();
//ShibbolethTest::helper()->setup_new_teacher();
//ShibbolethTest::helper()->setup_new_student();
//ShibbolethTest::helper()->setup_new_minimal_data();
ShibbolethController::instance()->login();

36
main/auth/shibboleth/script/scaffold.php
Unescape View File

@ -1,36 +0,0 @@
<?php
namespace Shibboleth;
/**
* Scaffold script. Generates the required database models for the Shibboleth
* plugin.
*
* Will only run when the server is a test server.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
$dir = __DIR__;
include_once $dir.'/../init.php';
include_once $dir.'/../app/lib/scaffolder/scaffolder.class.php';
if (!ShibbolethTest::is_enabled())
{
echo 'This is not a test server';
die;
}
if (!Shibboleth::session()->is_logged_in())
{
echo 'Not authorized';
die;
}
$name = 'user';
$result = Scaffolder::instance()->scaffold($name);
file_put_contents("$dir/output/$name.class.php", $result);
header('content-type: text/plain');
echo $result;

218
main/auth/shibboleth/test/shibboleth_test.class.php
Unescape View File

@ -1,218 +0,0 @@
<?php
namespace Shibboleth;
/**
* Various Unit Tests. Note that those tests create users in the database but
* don't delete them.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethTest
{
static function is_enabled()
{
return api_get_setting('server_type') == 'test';
}
/**
* @return ShibbolethTestHelper
*/
static function helper()
{
return ShibbolethTestHelper::instance();
}
static function init()
{
if (!self::is_enabled())
{
die;
}
}
static function test_new_teacher()
{
self::init();
self::helper()->setup_new_teacher();
$shib_user = Shibboleth::store()->get_user();
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == $shib_user->firstname);
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::TEACHER_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_student()
{
self::init();
self::helper()->setup_new_student();
$shib_user = Shibboleth::store()->get_user();
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == $shib_user->firstname);
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::STUDENT_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_staff()
{
self::init();
self::helper()->setup_new_staff();
$shib_user = Shibboleth::store()->get_user();
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == $shib_user->firstname);
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::STUDENT_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_infer_status_request()
{
self::init();
self::helper()->setup_new_staff();
$shib_user = Shibboleth::store()->get_user();
Shibboleth::save($shib_user);
self::assert($shib_user->status_request);
self::helper()->setup_new_teacher();
$shib_user = Shibboleth::store()->get_user();
Shibboleth::save($shib_user);
self::assert(!$shib_user->status_request);
self::helper()->setup_new_student();
$shib_user = Shibboleth::store()->get_user();
Shibboleth::save($shib_user);
self::assert(!$shib_user->status_request);
}
static function test_update_teacher()
{
self::init();
$fields = Shibboleth::config()->update_fields;
self::assert($fields['email']);
self::assert($fields['persistent_id']);
self::assert($fields['firstname']);
self::assert($fields['lastname']);
self::assert(!$fields['status']);
self::helper()->setup_teacher();
$shib_user = Shibboleth::store()->get_user();
Shibboleth::save($shib_user);
$new_shib_user = clone($shib_user);
$new_shib_user->firstname = 'frs';
$new_shib_user->lastname = 'ls';
$new_shib_user->email = 'em';
$new_shib_user->status = 10;
$new_shib_user->persistent_id = 'per';
Shibboleth::save($new_shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $new_shib_user->email);
self::assert($value = ($user->shibb_persistent_id == $new_shib_user->persistent_id));
self::assert($user->firstname == $new_shib_user->firstname);
self::assert($user->lastname == $new_shib_user->lastname);
self::assert($user->status == $shib_user->status);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_student_multiple_givenname()
{
self::init();
self::helper()->setup_new_student_multiple_givenname();
$shib_user = Shibboleth::store()->get_user();
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == 'John');
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::STUDENT_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_no_affiliation_default()
{
self::init();
self::helper()->setup_new_no_affiliation();
$shib_user = Shibboleth::store()->get_user();
self::assert($config = Shibboleth::config()->default_status == Shibboleth::STUDENT_STATUS);
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
self::assert($shib_user->affiliation == '');
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == 'John');
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::STUDENT_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function assert($assertion, $message = '')
{
if (!$assertion)
{
$message = "Assert failed $message <br/>";
echo $message;
// Dump variable for debug
error_log(print_r(debug_backtrace(), 1));
die;
}
else
{
$message = "Assert successful $message <br/>";
echo $message;
}
}
}

133
main/auth/shibboleth/test/shibboleth_test_helper.class.php
Unescape View File

@ -1,133 +0,0 @@
<?php
namespace Shibboleth;
/**
* Helper functions for the tests. Set up various dummy user types: teacher, student, etc.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethTestHelper
{
/**
*
* @return ShibbolethTestHelper
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function setup_teacher()
{
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_1';
$_SERVER['Shib-EP-Affiliation'] = 'member;staff;faculty';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe';
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!drea34çcv3d';
}
public function setup_student()
{
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_1';
$_SERVER['Shib-EP-Affiliation'] = 'member';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe';
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!drea34çcv3d';
}
public function setup_staff()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_123456';
$_SERVER['Shib-EP-Affiliation'] = 'member;staff';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John Staff';
$_SERVER['Shib-Person-surname'] = 'Doe';
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.staff.doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!usr_123456';
}
public function setup_new_student()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_student_no_email()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = '';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_student_multiple_givenname()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John;Alex;John Alex';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_teacher()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member;staff;faculty';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_staff()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member;staff';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_no_affiliation()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = '';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_minimal_data()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
}
}

32
main/auth/shibboleth/test/test.php
Unescape View File

@ -1,32 +0,0 @@
<?php
namespace Shibboleth;
/**
* Run unit tests. Server needs to be a test server to run those.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
include_once __DIR__.'/../init.php';
if (!ShibbolethTest::is_enabled())
{
echo 'This is not a test server';
die;
}
echo 'Test started<br/>-------------------<br/>';
ShibbolethTest::test_new_teacher();
ShibbolethTest::test_new_student();
ShibbolethTest::test_update_teacher();
ShibbolethTest::test_new_student_multiple_givenname();
ShibbolethTest::test_new_no_affiliation_default();
ShibbolethTest::test_new_staff();
ShibbolethTest::test_new_infer_status_request();
echo '-------------------<br/>Done!';

20
main/auth/shibboleth/test/test_no_email.php
Unescape View File

@ -1,20 +0,0 @@
<?php
namespace Shibboleth;
/**
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
include_once __DIR__.'/../init.php';
if (!ShibbolethTest::is_enabled())
{
echo 'This is not a test server';
die;
}
Shibboleth::session()->logout();
ShibbolethTest::helper()->setup_new_student_no_email();
require_once __DIR__.'/../login.php';
Write Preview
Loading…
Cancel
Save